hi all
I am using password() to crypt a user password online. but how do i decrypt
a user password, when user forgot his/her password?
kind regards
m
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
moses Woldeselassie wrote:
> hi all
>
> I am using password() to crypt a user password online. but how do i
> decrypt a user password, when user forgot his/her password?
>
>
> kind regards
> m
You don't - that's the point. You have to provide them with a way to
reset their password, based on some other method of authentication.
Traditionally this is done with mailing a user a password reset link,
and having that link only available for a short period of time.
Cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International
Outreach x3257
The opinion(s) contained within this email do not necessarily represent
those of St. Jude Children's Research Hospital.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You can't. Its an MD5 hash, not an encryption...I reset the password to a
random one, and email it to the user, also flag the account to force them to
change the password upon login...
[code]
function mail_password()
{
global $err_msg;
//get the variables from the form
if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){
$email = $_POST['email'];
$mid = $_POST['lg_name'];
$date_cookie = $_COOKIE['last_time'];
}else{
$err_msg = "Please enter both your email address and your username.
Thank you.";
show_form();
die();
}//end if
//create the sql and run the query
$sql = "SELECT * FROM users WHERE user_email='$email' and user_name =
'$mid'";
$result = connect($sql);
//check the query results
if (mysql_num_rows($result)!=1){
$err_msg = "No results found. Please re-enter your
username and email address to try again.";
show_form();
}else{
$row = mysql_fetch_array($result);
$email2 = $row['cust_email'];
$pass = $row['cust_pw'];
//call the change password function and pass it the information related to
the record to create the temp password
$new_pass = change_password($mid, $pass);
$sendto = $email2;
$from = "WebMaster
$subject = "Forgotten Password";
$message = "Dear $email2,
Your password is $new_pass.
Regards,
Webmaster";
echo $message;
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 3\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$from."\" <".$from.">\n";
if (!mail($sendto, $subject, $message, $headers)){
echo "Mail failed to send";
}else{
header("location:confirm1.htm");
}//end if
}//end if
}//end function
//---------------------------------------------------------- -----------------------------
// change password function
//---------------------------------------------------------- -----------------------------
function change_password($id, $password)
{
//generate a random password
$pass = "";
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
//change the password in the db
$sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where
cust_lg = '$id' and cust_pw = '$password'";
$result = connect($sql);
if ($result){
return $pass;
}else{
change_password($id, $password);
}
}//end function
[/code]
bastien
>From: "moses Woldeselassie"
>To: php-db@lists.php.net
>Subject: [PHP-DB] MySQLPHP decrypt(password)
>Date: Fri, 25 Feb 2005 10:20:55 +0000
>
>hi all
>
>I am using password() to crypt a user password online. but how do i decrypt
>a user password, when user forgot his/her password?
>
>
>kind regards
>m
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Fri, 2005-02-25 at 10:20 +0000, moses Woldeselassie wrote:
>hi all
>
>I am using password() to crypt a user password online. but how do i decrypt
>a user password, when user forgot his/her password?
>
>
>kind regards
>m
>
You don't. You make them reset their password.
-Robby
--
/***************************************
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON | www.planetargon.com
* Portland, OR | robby@planetargon.com
* 503.351.4730 | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
* --- Now hosting Ruby on Rails Apps ---
****************************************/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Thank you Bastien
It works fine, but i do have a problem with login. MySQL does not allowed
the user to login.
I did try to use sending email without using the change_password(), but it
is sending different password each time:
1. Why is it sending different password for one user?
2. How could I get a user password without changing a user password?
kind regards
m
>From: "Bastien Koert" <bastien_k@hotmail.com>
>To: mmoses@hotmail.com, php-db@lists.php.net
>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>Date: Fri, 25 Feb 2005 14:04:30 -0500
>
>You can't. Its an MD5 hash, not an encryption...I reset the password to
a random one, and email it to the user, also flag the account to force them
to change the password upon login...
>
>[code]
>function mail_password()
>{
> global $err_msg;
> //get the variables from the form
> if ((isset($_POST['email']))&&(isset($_POST['lg_name']) )){
> $email = $_POST['email'];
> $mid = $_POST['lg_name'];
> $date_cookie = $_COOKIE['last_time'];
> }else{
> $err_msg = "<b>Please enter both your email address and
your username. Thank you.</b>";
> show_form();
> die();
> }//end if
>
> //create the sql and run the query
> $sql = "SELECT * FROM users WHERE user_email='$email' and
user_name = '$mid'";
>
> $result = connect($sql);
>
> //check the query results
> if (mysql_num_rows($result)!=1){
> $err_msg = "<font color=red>No results found. Please
re-enter your username and email address to try again.</font>";
> show_form();
>
> }else{
>
> $row = mysql_fetch_array($result);
> $email2 = $row['cust_email'];
> $pass = $row['cust_pw'];
>
> //call the change password function and pass it the information
related to the record to create the temp password
> $new_pass = change_password($mid, $pass);
>
> $sendto = $email2;
> $from = "WebMaster <webmaster@doctorchoicellc.com>";
> $subject = "Forgotten Password";
> $message = "Dear $email2,
>
> Your password is $new_pass.
>
> Regards,
> Webmaster";
> echo $message;
>
> $headers = "MIME-Version: 1.0\n";
> $headers .= "Content-type: text/plain;
charset=iso-8859-1\n";
> $headers .= "X-Priority: 3\n";
> $headers .= "X-MSMail-Priority: Normal\n";
> $headers .= "X-Mailer: php\n";
> $headers .= "From: \"".$from."\"
<".$from.">\n";
>
> if (!mail($sendto, $subject, $message, $headers)){
> echo "Mail failed to send";
> }else{
> header("location:confirm1.htm");
> }//end if
> }//end if
>}//end function
>
> //---------------------------------------------------------- -----------------------------
>// change password function
> //---------------------------------------------------------- -----------------------------
>function change_password($id, $password)
>{
> //generate a random password
> $pass = "";
> $salt = "abchefghjkmnpqrstuvwxyz0123456789";
> srand((double)microtime()*1000000);
> $i = 0;
> while ($i <= 7) {
> $num = rand() % 33;
> $tmp = substr($salt, $num, 1);
> $pass = $pass . $tmp;
> $i++;
> }
> //change the password in the db
> $sql = "update cust_info set cust_pw ='".md5($pass)."',
temp_pass = 1 where cust_lg = '$id' and cust_pw = '$password'";
> $result = connect($sql);
> if ($result){
> return $pass;
> }else{
> change_password($id, $password);
> }
>}//end function
>[/code]
>
>
>bastien
>
>
>
> >From: "moses Woldeselassie" <mmoses@hotmail.com>
> >To: php-db@lists.php.net
> >Subject: [PHP-DB] MySQLPHP decrypt(password)
> >Date: Fri, 25 Feb 2005 10:20:55 +0000
> >
> >hi all
> >
> >I am using password() to crypt a user password online. but how do i
decrypt a user password, when user forgot his/her password?
> >
> >
> >kind regards
> >m
> >
> >--
> >PHP Database Mailing List (http://www.php.net/)
> >To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
thank you.
I do have login and registration script, which work fine. the problem is
with new password.
I am using password() to registrate a user. I did change in the
change_password()
md5() into password(), it changes the user password. I coud easliy see it in
mysql db.
but a user could not login using the new password.
do i have to change the password() into md5() in the registration php
script?
1. is it anyway i could get the password without changing a user password
from mysql.
kind regards
m
>From: "Bastien Koert" <bastien_k@hotmail.com>
>To: mmoses@hotmail.com
>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>Date: Mon, 28 Feb 2005 09:31:20 -0500
>
>There needs to be a separate login page...The previous page was simply
to change the password...
>
>here is my login function...
>
> //---------------------------------------------------------- -----------------------------
>// login function
> //---------------------------------------------------------- -----------------------------
>function login()
>{
> global $err_msg;
> $errors = array();
>
> if ((empty
($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){
> $errors[] = "<font color=red>You didn't enter a correct
login name.</font>";}
> if ((empty
($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){
> $errors[] = "<font color=red>You didn't enter a
password.</font>";}
>
> if (count($errors) > 0) {
>
> for ($i = 0; $i < $nerrors; $i++){
> $err_msg .= $errors[$i]."<br />";
> }
> show_form();
> exit();
> }//end if
>
> $lg_name = $_POST['lg_name'];
> $lg_pw = $_POST['lg_pw'];
>
> $new_select = "select cust_lg, cust_pw, temp_pass from cust_info
where cust_lg = '$lg_name' and cust_pw = '$lg_pw'";
> $result = connect($new_select);
> $num_result = mysql_num_rows ($result);
>
> if ($num_result == 1) {
>
> //if the temp_password value is set to 1 then have the user change the
password.
> $row = mysql_fetch_array($result);
> if ($row['temp_pass']==1){
> header("location:change_pass.php");
> die();
> }//end if
>
> setcookie('last_time',
date("Ymd-his"),time()+60*60*24*30,'/');
> echo "here";
> header("location:/login_unit/brokerpanel.htm");
> exit();
> }else{
> $err_msg = "<font color=red>No match found! If you have
forgotten your password, please click the link at the right.</font";
> show_form();
> exit();
> }
>}//end functon
>
>?>
>
>bastien
>
> >From: "moses Woldeselassie" <mmoses@hotmail.com>
> >To: bastien_k@hotmail.com, php-db@lists.php.net
> >Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
> >Date: Mon, 28 Feb 2005 11:16:23 +0000
> >
> >Thank you Bastien
> >
> >It works fine, but i do have a problem with login. MySQL does not
allowed the user to login.
> >
> >
> >I did try to use sending email without using the change_password(),
but it is sending different password each time:
> >
> >1. Why is it sending different password for one user?
> >2. How could I get a user password without changing a user
password?
> >
> >
> >
> >
> >kind regards
> >m
> >
> >
> >
> >
> >
> >
> >>From: "Bastien Koert"
<bastien_k@hotmail.com>
> >>To: mmoses@hotmail.com, php-db@lists.php.net
> >>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
> >>Date: Fri, 25 Feb 2005 14:04:30 -0500
> >>
> >>You can't. Its an MD5 hash, not an encryption...I reset the
password to a random one, and email it to the user, also flag the account to
force them to change the password upon login...
> >>
> >>[code]
> >>function mail_password()
> >>{
> >> global $err_msg;
> >> //get the variables from the form
> >> if
((isset($_POST['email']))&&(isset($_POST['lg _name']))){
> >> $email = $_POST['email'];
> >> $mid = $_POST['lg_name'];
> >> $date_cookie = $_COOKIE['last_time'];
> >> }else{
> >> $err_msg = "<b>Please enter both
your email address and your username. Thank
you.</b>";
> >> show_form();
> >> die();
> >> }//end if
> >>
> >> //create the sql and run the query
> >> $sql = "SELECT * FROM users WHERE
user_email='$email' and user_name = '$mid'";
> >>
> >> $result = connect($sql);
> >>
> >> //check the query results
> >> if (mysql_num_rows($result)!=1){
> >> $err_msg = "<font color=red>No
results found. Please re-enter your username and email address to try
again.</font>";
> >> show_form();
> >>
> >> }else{
> >>
> >> $row = mysql_fetch_array($result);
> >> $email2 = $row['cust_email'];
> >> $pass = $row['cust_pw'];
> >>
> >> //call the change password function and pass it the
information related to the record to create the temp password
> >> $new_pass = change_password($mid, $pass);
> >>
> >> $sendto = $email2;
> >> $from = "WebMaster
<webmaster@doctorchoicellc.com>";
> >> $subject = "Forgotten Password";
> >> $message = "Dear $email2,
> >>
> >> Your password is $new_pass.
> >>
> >> Regards,
> >> Webmaster";
> >> echo $message;
> >>
> >> $headers = "MIME-Version: 1.0\n";
> >> $headers .= "Content-type: text/plain;
charset=iso-8859-1\n";
> >> $headers .= "X-Priority: 3\n";
> >> $headers .= "X-MSMail-Priority:
Normal\n";
> >> $headers .= "X-Mailer: php\n";
> >> $headers .= "From:
\"".$from."\"
<".$from.">\n";
> >>
> >> if (!mail($sendto, $subject, $message, $headers)){
> >> echo "Mail failed to send";
> >> }else{
> >> header("location:confirm1.htm");
> >> }//end if
> >> }//end if
> >>}//end function
> >>
>
> >//-------------------------------------------------- -------------------------------------
> >>// change password function
>
> >//-------------------------------------------------- -------------------------------------
> >>function change_password($id, $password)
> >>{
> >> //generate a random password
> >> $pass = "";
> >> $salt =
"abchefghjkmnpqrstuvwxyz0123456789";
> >> srand((double)microtime()*1000000);
> >> $i = 0;
> >> while ($i <= 7) {
> >> $num = rand() % 33;
> >> $tmp = substr($salt, $num, 1);
> >> $pass = $pass . $tmp;
> >> $i++;
> >> }
> >> //change the password in the db
> >> $sql = "update cust_info set
cust_pw ='".md5($pass)."', temp_pass = 1 where cust_lg =
'$id' and cust_pw = '$password'";
> >> $result = connect($sql);
> >> if ($result){
> >> return $pass;
> >> }else{
> >> change_password($id, $password);
> >> }
> >>}//end function
> >>[/code]
> >>
> >>
> >>bastien
> >>
> >>
> >>
> >> >From: "moses Woldeselassie"
<mmoses@hotmail.com>
> >> >To: php-db@lists.php.net
> >> >Subject: [PHP-DB] MySQLPHP decrypt(password)
> >> >Date: Fri, 25 Feb 2005 10:20:55 +0000
> >> >
> >> >hi all
> >> >
> >> >I am using password() to crypt a user password
online. but how do i decrypt a user password, when user forgot his/her
password?
> >> >
> >> >
> >> >kind regards
> >> >m
> >> >
> >> >--
> >> >PHP Database Mailing List (http://www.php.net/)
> >> >To unsubscribe, visit:
http://www.php.net/unsub.php
> >> >
> >>
> >
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Password and MD$ return different values. They are not compatible. Since
both are one way encryptions, you can not retrive the orginal value
>From: "moses Woldeselassie"
>To: bastien_k@hotmail.com, php-db@lists.php.net
>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>Date: Mon, 28 Feb 2005 16:44:56 +0000
>
>
>thank you Bastien
>
>I do have a login and registration php sript, which work fine. the problem
>is I am using password(passwd) to registrat the user, and i did change md5
>into password() but how do i get the password that a user has registrated
>in the first time?
>
>
>
>other problem:
>
>i did try to use the sending email using the following:
>
>select passwd from users where username=$mid and email = $email
>
>but it doesn't work. If i put * instead of passwd it works fine.
>select * from users where username=$mid and email=$email
>
>what is the problem?
>
>I didn't get it, a user should easliy login using the new password, which
>was changed using change_password().
>
>
>
>kind regards
>m
>
>
>
>
>>From: "Bastien Koert" <bastien_k@hotmail.com>
>>To: mmoses@hotmail.com
>>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>>Date: Mon, 28 Feb 2005 09:31:20 -0500
>>
>>There needs to be a separate login page...The previous page was simply
>to change the password...
>>
>>here is my login function...
>>
>> //---------------------------------------------------------- -----------------------------
>>// login function
>> //---------------------------------------------------------- -----------------------------
>>function login()
>>{
>> global $err_msg;
>> $errors = array();
>>
>> if ((empty
>($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){
>> $errors[] = "<font color=red>You didn't enter a correct
>login name.</font>";}
>> if ((empty
>($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){
>> $errors[] = "<font color=red>You didn't enter a
>password.</font>";}
>>
>> if (count($errors) > 0) {
>>
>> for ($i = 0; $i < $nerrors; $i++){
>> $err_msg .= $errors[$i]."<br />";
>> }
>> show_form();
>> exit();
>> }//end if
>>
>> $lg_name = $_POST['lg_name'];
>> $lg_pw = $_POST['lg_pw'];
>>
>> $new_select = "select cust_lg, cust_pw, temp_pass from cust_info
>where cust_lg = '$lg_name' and cust_pw = '$lg_pw'";
>> $result = connect($new_select);
>> $num_result = mysql_num_rows ($result);
>>
>> if ($num_result == 1) {
>>
>> //if the temp_password value is set to 1 then have the user change
>the password.
>> $row = mysql_fetch_array($result);
>> if ($row['temp_pass']==1){
>> header("location:change_pass.php");
>> die();
>> }//end if
>>
>> setcookie('last_time',
>date("Ymd-his"),time()+60*60*24*30,'/');
>> echo "here";
>> header("location:/login_unit/brokerpanel.htm");
>> exit();
>> }else{
>> $err_msg = "<font color=red>No match found! If you have
>forgotten your password, please click the link at the
>right.</font";
>> show_form();
>> exit();
>> }
>>}//end functon
>>
>>?>
>>
>>bastien
>>
>> >From: "moses Woldeselassie" <mmoses@hotmail.com>
>> >To: bastien_k@hotmail.com, php-db@lists.php.net
>> >Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>> >Date: Mon, 28 Feb 2005 11:16:23 +0000
>> >
>> >Thank you Bastien
>> >
>> >It works fine, but i do have a problem with login. MySQL does not
>allowed the user to login.
>> >
>> >
>> >I did try to use sending email without using the
>change_password(), but it is sending different password each time:
>> >
>> >1. Why is it sending different password for one user?
>> >2. How could I get a user password without changing a user
>password?
>> >
>> >
>> >
>> >
>> >kind regards
>> >m
>> >
>> >
>> >
>> >
>> >
>> >
>> >>From: "Bastien Koert"
><bastien_k@hotmail.com>
>> >>To: mmoses@hotmail.com, php-db@lists.php.net
>> >>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>> >>Date: Fri, 25 Feb 2005 14:04:30 -0500
>> >>
>> >>You can't. Its an MD5 hash, not an encryption...I reset
>the password to a random one, and email it to the user, also flag the
>account to force them to change the password upon login...
>> >>
>> >>[code]
>> >>function mail_password()
>> >>{
>> >> global $err_msg;
>> >> //get the variables from the form
>> >> if
>((isset($_POST['email']))&&(isset($_POST['l g_name']))){
>> >> $email = $_POST['email'];
>> >> $mid = $_POST['lg_name'];
>> >> $date_cookie = $_COOKIE['last_time'];
>> >> }else{
>> >> $err_msg = "<b>Please enter both
>your email address and your username. Thank
>you.</b>";
>> >> show_form();
>> >> die();
>> >> }//end if
>> >>
>> >> //create the sql and run the query
>> >> $sql = "SELECT * FROM users WHERE
>user_email='$email' and user_name = '$mid'";
>> >>
>> >> $result = connect($sql);
>> >>
>> >> //check the query results
>> >> if (mysql_num_rows($result)!=1){
>> >> $err_msg = "<font color=red>No
>results found. Please re-enter your username and email address to try
>again.</font>";
>> >> show_form();
>> >>
>> >> }else{
>> >>
>> >> $row = mysql_fetch_array($result);
>> >> $email2 = $row['cust_email'];
>> >> $pass = $row['cust_pw'];
>> >>
>> >> //call the change password function and pass it the
>information related to the record to create the temp password
>> >> $new_pass = change_password($mid, $pass);
>> >>
>> >> $sendto = $email2;
>> >> $from = "WebMaster
><webmaster@doctorchoicellc.com>";
>> >> $subject = "Forgotten Password";
>> >> $message = "Dear $email2,
>> >>
>> >> Your password is $new_pass.
>> >>
>> >> Regards,
>> >> Webmaster";
>> >> echo $message;
>> >>
>> >> $headers = "MIME-Version: 1.0\n";
>> >> $headers .= "Content-type: text/plain;
>charset=iso-8859-1\n";
>> >> $headers .= "X-Priority: 3\n";
>> >> $headers .= "X-MSMail-Priority:
>Normal\n";
>> >> $headers .= "X-Mailer: php\n";
>> >> $headers .= "From:
>\"".$from."\"
><".$from.">\n";
>> >>
>> >> if (!mail($sendto, $subject, $message, $headers)){
>> >> echo "Mail failed to send";
>> >> }else{
>> >> header("location:confirm1.htm");
>> >> }//end if
>> >> }//end if
>> >>}//end function
>> >>
>>
>> >//-------------------------------------------------- -------------------------------------
>> >>// change password function
>>
>> >//-------------------------------------------------- -------------------------------------
>> >>function change_password($id, $password)
>> >>{
>> >> //generate a random password
>> >> $pass = "";
>> >> $salt =
>"abchefghjkmnpqrstuvwxyz0123456789";
>> >> srand((double)microtime()*1000000);
>> >> $i = 0;
>> >> while ($i <= 7) {
>> >> $num = rand() % 33;
>> >> $tmp = substr($salt, $num, 1);
>> >> $pass = $pass . $tmp;
>> >> $i++;
>> >> }
>> >> //change the password in the db
>> >> $sql = "update cust_info set
>cust_pw ='".md5($pass)."', temp_pass = 1 where cust_lg =
>'$id' and cust_pw = '$password'";
>> >> $result = connect($sql);
>> >> if ($result){
>> >> return $pass;
>> >> }else{
>> >> change_password($id, $password);
>> >> }
>> >>}//end function
>> >>[/code]
>> >>
>> >>
>> >>bastien
>> >>
>> >>
>> >>
>> >> >From: "moses Woldeselassie"
><mmoses@hotmail.com>
>> >> >To: php-db@lists.php.net
>> >> >Subject: [PHP-DB] MySQLPHP decrypt(password)
>> >> >Date: Fri, 25 Feb 2005 10:20:55 +0000
>> >> >
>> >> >hi all
>> >> >
>> >> >I am using password() to crypt a user password
>online. but how do i decrypt a user password, when user forgot his/her
>password?
>> >> >
>> >> >
>> >> >kind regards
>> >> >m
>> >> >
>> >> >--
>> >> >PHP Database Mailing List (http://www.php.net/)
>> >> >To unsubscribe, visit:
>http://www.php.net/unsub.php
>> >> >
>> >>
>> >
>>
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php