[SOLVED] Retrieve user password

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tristanlee85
Forum Contributor
Posts: 172
Joined: Fri Dec 19, 2003 7:28 am

[SOLVED] Retrieve user password

Post by tristanlee85 »

When a user registers, the password is encrypted as a MD5 hash. If I user forgets his/her password, I created a form to enter in some creditdentals to retrieve the password, but when I retrieve it, it shows the MD5 hash. How do I get this to the regular password?
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

you cant. md5 is a one way ticket. you should change their password to somthing simple, md5 that and overwrite the old value in the database then email them their new password.
tristanlee85
Forum Contributor
Posts: 172
Joined: Fri Dec 19, 2003 7:28 am

Post by tristanlee85 »

That's the thing. I mean, this website isn't something that has truely personal information so maybe I don't need to use MD5 anyway...but I'd like to. My problem is I can't get sendmail to work right on my Linux box so I'm not able to send anything.

I guess what I could do was create a link where they enter in their name and e-mail address and their password would update to something different and display on the screen. Like I said, security really isn't an issue, but I just wanted to toy around with the MD5 encryption.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The problem is most people resuse passwords. So passwords should, for the benefit and security of users, always be stored hashed. I would suggest you create a password "reset" facility or alternate path that they can use to log in.

Although I would suggest getting sendmail or an SMTP mailer such as phpMailer up first as being able to email is slightly important for most web applications.
tristanlee85
Forum Contributor
Posts: 172
Joined: Fri Dec 19, 2003 7:28 am

Post by tristanlee85 »

phpMailer was the perfect solution. I got it working perfect now. If they forget their password, they enter in their username and e-mail address and it e-mails a temporary password. Then, once they login, it checks the password to see if it's the temp password or not. If so, they have to create a new one.
Post Reply