Page 1 of 1

password decode help

Posted: Sun Jun 13, 2004 6:09 pm
by loongest
$sql = "select password from login where email = '".$email."' ";
$result = mysql_query($sql);

if($row = mysql_fetch_array($result))
{
//note $pass = "decode( '".$row["password"]."' , $pass)";
}

how can i decode the password ? i dont knw where goes wrong but the password i receive still encode

Posted: Sun Jun 13, 2004 6:35 pm
by markl999
How was it encoded in the first place? i.e How are passwords inserted into the database?

Posted: Sun Jun 13, 2004 7:29 pm
by snpo123
Once it has been encoded from mysql, it cant ever go back. (at least not that I know of) Thats why I never encrypt passwords in mysql :(

Posted: Sun Jun 13, 2004 7:31 pm
by Yonderknight
How come there is a double quote inside the first double quote? Won't that end the first statement and start another one?

Posted: Sun Jun 13, 2004 7:34 pm
by markl999
encoded from mysql
? Define that. How are you initially putting the passwords in the database?

Posted: Sun Jun 13, 2004 8:20 pm
by loongest
$query = "insert into login values('".$customerid."','".md5($password)."','".$email."')";
$result = mysql_query($query);

Posted: Sun Jun 13, 2004 8:24 pm
by markl999
ok, so you've used md5() to hash the password, which is ok, just means you can't 'de-hash' it as it's one way.
What you need to do is compare the md5() of the password the user supplies against the password in the db.
E.g.
if($row['password'] == md5($_POST['thepassword'])){
//ok
} else {
//not ok
}

That presumes the password the user supplies is coming from a form post, but you get the idea ? :0

Posted: Sun Jun 13, 2004 8:30 pm
by loongest
The problem is i need use for password retrieve module, so how can i generate back to oringinal password and sent to the user ?

Posted: Sun Jun 13, 2004 8:32 pm
by markl999
You can't. The best way is to send them a new password that's autogenerated.

Posted: Sun Jun 13, 2004 8:38 pm
by loongest
ok thanks

Posted: Sun Jun 13, 2004 8:41 pm
by loongest
1 more question, how to use of random function to generate 9 digit ?

and store it in a string ?

Posted: Sun Jun 13, 2004 8:43 pm
by John Cartwright
This can be found @ php.net/rand

Code: Select all

<?php
Yet another random password generator, but this one creates readable/pronounceable passwords...

<?php
function randompass()
{
   $rand_pass = ''; // makes sure the $pass var is empty.
   for( $j = 0; $j < 3; $j++ )
   {
       $startnend = array(
           'b','c','d','f','g','h','j','k','l','m','n',
           'p','q','r','s','t','v','w','x','y','z',
       );
       $mid = array(
           'a','e','i','o','u','y',
       );
       $count1 = count( $startnend ) - 1;
       $count2 = count( $mid ) - 1;

       for( $i = 0; $i < 3; $i++)
       {
           if( $i != 1 )
           {
               $rand_pass .= $startnend[rand( 0, $count1 )];
           }
           else
           {
               $rand_pass .= $mid[rand( 0, $count2 )];
           }
       }
   }
   return $rand_pass;
}

$rand_pass = randompass();
echo '<p>pass: <strong>' . $rand_pass . '</strong></p>';
echo '<p>md5:  <strong>' . md5( $rand_pass ) . '</strong></p>';
?>

Some examples are:-

pohyerdib
kibkudjam
fizvoszeb
jyshevram

Easy to remember (since it's basically 3, 3 letter words)

I've put a y in the list of vowels since it works well as a middle letter in the 3 letter words.

This is excellent for a random password generator for a 'forgot password' type function. 
?>