Page 1 of 1

MySQL Password function, more of a PHP realted question thou

Posted: Sun Jan 26, 2003 1:49 am
by smoky989
OK here's my problem of the day. I have passwords entered into a database and I'm encrytpting them with mysql's password function. Works fine. When a user logs in the password is checked. I have to use the password function again to verify the two passwords both of which are now encrypted are the same. Works no problem.

I ran into a problem though in my forgot password form. I have the user enter their email address and if the address exists in the database their password is sent to them. However it sends the encrypted password because I can not use the password function in PHP. Does anyone know of a way I can have the decrypted password sent to the user instead of having them change it each time they forget it? Let me know and thanks in advance? I love this place.

Posted: Sun Jan 26, 2003 5:49 am
by volka
http://www.mysql.com/doc/en/Miscellaneo ... PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT(). The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead.[/quote]But you may setup a new random password and send this like "you forgot your password? Here's a new one". Annoying if anyone can trigger that ;)