Page 1 of 1
[SOLVED] Retrieve user password
Posted: Tue Apr 18, 2006 1:33 am
by tristanlee85
When a user registers, the password is encrypted as a MD5 hash. If I user forgets his/her password, I created a form to enter in some creditdentals to retrieve the password, but when I retrieve it, it shows the MD5 hash. How do I get this to the regular password?
Posted: Tue Apr 18, 2006 1:37 am
by shiznatix
you cant. md5 is a one way ticket. you should change their password to somthing simple, md5 that and overwrite the old value in the database then email them their new password.
Posted: Tue Apr 18, 2006 1:41 am
by tristanlee85
That's the thing. I mean, this website isn't something that has truely personal information so maybe I don't need to use MD5 anyway...but I'd like to. My problem is I can't get sendmail to work right on my Linux box so I'm not able to send anything.
I guess what I could do was create a link where they enter in their name and e-mail address and their password would update to something different and display on the screen. Like I said, security really isn't an issue, but I just wanted to toy around with the MD5 encryption.
Posted: Tue Apr 18, 2006 8:07 am
by feyd
The problem is most people resuse passwords. So passwords should, for the benefit and security of users, always be stored hashed. I would suggest you create a password "reset" facility or alternate path that they can use to log in.
Although I would suggest getting sendmail or an SMTP mailer such as
phpMailer up first as being able to email is slightly important for most web applications.
Posted: Tue Apr 18, 2006 6:34 pm
by tristanlee85
phpMailer was the perfect solution. I got it working perfect now. If they forget their password, they enter in their username and e-mail address and it e-mails a temporary password. Then, once they login, it checks the password to see if it's the temp password or not. If so, they have to create a new one.