password decode help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
loongest
Forum Commoner
Posts: 25
Joined: Wed Apr 07, 2004 12:23 pm

password decode help

Post by loongest »

$sql = "select password from login where email = '".$email."' ";
$result = mysql_query($sql);

if($row = mysql_fetch_array($result))
{
//note $pass = "decode( '".$row["password"]."' , $pass)";
}

how can i decode the password ? i dont knw where goes wrong but the password i receive still encode
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

How was it encoded in the first place? i.e How are passwords inserted into the database?
User avatar
snpo123
Forum Commoner
Posts: 77
Joined: Sat Apr 17, 2004 6:31 pm

Post by snpo123 »

Once it has been encoded from mysql, it cant ever go back. (at least not that I know of) Thats why I never encrypt passwords in mysql :(
Yonderknight
Forum Commoner
Posts: 31
Joined: Sun Jun 13, 2004 6:51 pm

Post by Yonderknight »

How come there is a double quote inside the first double quote? Won't that end the first statement and start another one?
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

encoded from mysql
? Define that. How are you initially putting the passwords in the database?
loongest
Forum Commoner
Posts: 25
Joined: Wed Apr 07, 2004 12:23 pm

Post by loongest »

$query = "insert into login values('".$customerid."','".md5($password)."','".$email."')";
$result = mysql_query($query);
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

ok, so you've used md5() to hash the password, which is ok, just means you can't 'de-hash' it as it's one way.
What you need to do is compare the md5() of the password the user supplies against the password in the db.
E.g.
if($row['password'] == md5($_POST['thepassword'])){
//ok
} else {
//not ok
}

That presumes the password the user supplies is coming from a form post, but you get the idea ? :0
loongest
Forum Commoner
Posts: 25
Joined: Wed Apr 07, 2004 12:23 pm

Post by loongest »

The problem is i need use for password retrieve module, so how can i generate back to oringinal password and sent to the user ?
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

You can't. The best way is to send them a new password that's autogenerated.
loongest
Forum Commoner
Posts: 25
Joined: Wed Apr 07, 2004 12:23 pm

Post by loongest »

ok thanks
loongest
Forum Commoner
Posts: 25
Joined: Wed Apr 07, 2004 12:23 pm

Post by loongest »

1 more question, how to use of random function to generate 9 digit ?

and store it in a string ?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

This can be found @ php.net/rand

Code: Select all

<?php
Yet another random password generator, but this one creates readable/pronounceable passwords...

<?php
function randompass()
{
   $rand_pass = ''; // makes sure the $pass var is empty.
   for( $j = 0; $j < 3; $j++ )
   {
       $startnend = array(
           'b','c','d','f','g','h','j','k','l','m','n',
           'p','q','r','s','t','v','w','x','y','z',
       );
       $mid = array(
           'a','e','i','o','u','y',
       );
       $count1 = count( $startnend ) - 1;
       $count2 = count( $mid ) - 1;

       for( $i = 0; $i < 3; $i++)
       {
           if( $i != 1 )
           {
               $rand_pass .= $startnend[rand( 0, $count1 )];
           }
           else
           {
               $rand_pass .= $mid[rand( 0, $count2 )];
           }
       }
   }
   return $rand_pass;
}

$rand_pass = randompass();
echo '<p>pass: <strong>' . $rand_pass . '</strong></p>';
echo '<p>md5:  <strong>' . md5( $rand_pass ) . '</strong></p>';
?>

Some examples are:-

pohyerdib
kibkudjam
fizvoszeb
jyshevram

Easy to remember (since it's basically 3, 3 letter words)

I've put a y in the list of vowels since it works well as a middle letter in the 3 letter words.

This is excellent for a random password generator for a 'forgot password' type function. 
?>
Post Reply