Page 1 of 1
password decode help
Posted: Sun Jun 13, 2004 6:09 pm
by loongest
$sql = "select password from login where email = '".$email."' ";
$result = mysql_query($sql);
if($row = mysql_fetch_array($result))
{
//note $pass = "decode( '".$row["password"]."' , $pass)";
}
how can i decode the password ? i dont knw where goes wrong but the password i receive still encode
Posted: Sun Jun 13, 2004 6:35 pm
by markl999
How was it encoded in the first place? i.e How are passwords inserted into the database?
Posted: Sun Jun 13, 2004 7:29 pm
by snpo123
Once it has been encoded from mysql, it cant ever go back. (at least not that I know of) Thats why I never encrypt passwords in mysql

Posted: Sun Jun 13, 2004 7:31 pm
by Yonderknight
How come there is a double quote inside the first double quote? Won't that end the first statement and start another one?
Posted: Sun Jun 13, 2004 7:34 pm
by markl999
encoded from mysql
? Define that. How are you initially putting the passwords in the database?
Posted: Sun Jun 13, 2004 8:20 pm
by loongest
$query = "insert into login values('".$customerid."','".md5($password)."','".$email."')";
$result = mysql_query($query);
Posted: Sun Jun 13, 2004 8:24 pm
by markl999
ok, so you've used md5() to hash the password, which is ok, just means you can't 'de-hash' it as it's one way.
What you need to do is compare the md5() of the password the user supplies against the password in the db.
E.g.
if($row['password'] == md5($_POST['thepassword'])){
//ok
} else {
//not ok
}
That presumes the password the user supplies is coming from a form post, but you get the idea ? :0
Posted: Sun Jun 13, 2004 8:30 pm
by loongest
The problem is i need use for password retrieve module, so how can i generate back to oringinal password and sent to the user ?
Posted: Sun Jun 13, 2004 8:32 pm
by markl999
You can't. The best way is to send them a new password that's autogenerated.
Posted: Sun Jun 13, 2004 8:38 pm
by loongest
ok thanks
Posted: Sun Jun 13, 2004 8:41 pm
by loongest
1 more question, how to use of random function to generate 9 digit ?
and store it in a string ?
Posted: Sun Jun 13, 2004 8:43 pm
by John Cartwright
This can be found @ php.net/rand
Code: Select all
<?php
Yet another random password generator, but this one creates readable/pronounceable passwords...
<?php
function randompass()
{
$rand_pass = ''; // makes sure the $pass var is empty.
for( $j = 0; $j < 3; $j++ )
{
$startnend = array(
'b','c','d','f','g','h','j','k','l','m','n',
'p','q','r','s','t','v','w','x','y','z',
);
$mid = array(
'a','e','i','o','u','y',
);
$count1 = count( $startnend ) - 1;
$count2 = count( $mid ) - 1;
for( $i = 0; $i < 3; $i++)
{
if( $i != 1 )
{
$rand_pass .= $startnend[rand( 0, $count1 )];
}
else
{
$rand_pass .= $mid[rand( 0, $count2 )];
}
}
}
return $rand_pass;
}
$rand_pass = randompass();
echo '<p>pass: <strong>' . $rand_pass . '</strong></p>';
echo '<p>md5: <strong>' . md5( $rand_pass ) . '</strong></p>';
?>
Some examples are:-
pohyerdib
kibkudjam
fizvoszeb
jyshevram
Easy to remember (since it's basically 3, 3 letter words)
I've put a y in the list of vowels since it works well as a middle letter in the 3 letter words.
This is excellent for a random password generator for a 'forgot password' type function.
?>