MySQL Password function, more of a PHP realted question thou

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
smoky989
Forum Commoner
Posts: 41
Joined: Mon Sep 02, 2002 1:14 pm

MySQL Password function, more of a PHP realted question thou

Post by smoky989 »

OK here's my problem of the day. I have passwords entered into a database and I'm encrytpting them with mysql's password function. Works fine. When a user logs in the password is checked. I have to use the password function again to verify the two passwords both of which are now encrypted are the same. Works no problem.

I ran into a problem though in my forgot password form. I have the user enter their email address and if the address exists in the database their password is sent to them. However it sends the encrypted password because I can not use the password function in PHP. Does anyone know of a way I can have the decrypted password sent to the user instead of having them change it each time they forget it? Let me know and thanks in advance? I love this place.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

http://www.mysql.com/doc/en/Miscellaneo ... PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT(). The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead.[/quote]But you may setup a new random password and send this like "you forgot your password? Here's a new one". Annoying if anyone can trigger that ;)
Post Reply