Decoding a retrieved password from mysql [answer found!]

markusn00b
Forum Contributor
Posts: 298
Joined: Sat Oct 20, 2007 2:16 pm
Location: York, England

Post by markusn00b »

Another day, another question. :)

I'm now onto building a login for my current project - image host.

User submits password > password is encoded
Like so:

Code:

('$username', PASSWORD('$password'), '$dispName', '$email')";

Now say, if I were to email them their password (they've forgotten it?), it would send the encoded password and not the one they input! And I'm unsure of how to decode it.

This is just something I was using to see how I could decode it; this isn't the actual way I will go about it ;)

Obviously it doesn't work..

Code:

$query = "SELECT `ziprar_loginPass` FROM `ziprar_users` WHERE `ziprar_loginName` = 'markusn00b'";
$res = mysql_query($query);
while($row = mysql_fetch_array($res)){
	echo $row['PASSWORD(ziprar_loginPass)'];
}

Any ideas?

Thanks :)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The PASSWORD function in MySQL is not intended for use outside of MySQL internals. This means all user created tables.
seppo0010
Forum Commoner
Posts: 47
Joined: Wed Oct 24, 2007 4:13 pm
Location: Buenos Aires, Argentina

Post by seppo0010 »

As feyd said, the PASSWORD function is not intended to be used for your application; instead you can use the MD5 or SHA1 functions. These are one-way encryption and you can't get the unencrypted value. If you want to make a "forgot your password?" you can generate a new random one, overwrite the previous pass, and send it by email. If you want to be able to decrypt it, you should use AES_ENCRYPT / AES_DECRYPT, or DES_ENCRYPT / DES_DECRYPT. You can find more information in the MySQL manual: http://dev.mysql.com/doc/refman/5.1/en/ ... tions.html
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'll add that there are even stronger hashing methods. One I wrote, for example (search for SHA256) .. Also, unless there's a really really good reason to be able to decrypt the passwords, never store them in a format that can be decrypted.
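
The hash-and-reset approach the replies describe, as an added example that is not code from any poster in this thread. It uses PHP's built-in password_hash() and password_verify() in place of the MD5/SHA1 functions named above; the function names are hypothetical, and an in-memory array stands in for the ziprar_users table.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the ziprar_users table (assumption: a real
// application would keep this in MySQL and use prepared statements).
$users = [];

// Registration: store only a salted one-way hash, never the password itself.
function register_user(array &$users, string $name, string $password): void
{
    $users[$name] = ['hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Login: password_verify() re-hashes the submitted password with the salt
// embedded in the stored hash and compares the two in constant time.
function check_login(array $users, string $name, string $password): bool
{
    return isset($users[$name])
        && password_verify($password, $users[$name]['hash']);
}

// "Forgot password": the stored hash cannot be decoded, so overwrite it with
// the hash of a fresh random password and return the plaintext once, for
// the e-mail. Returns null when the user does not exist.
function reset_password(array &$users, string $name): ?string
{
    if (!isset($users[$name])) {
        return null;
    }
    $new = bin2hex(random_bytes(8)); // 16 hex characters from the CSPRNG
    $users[$name]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    return $new;
}

// Constructed sample data.
register_user($users, 'markusn00b', 'original-secret');
var_dump(check_login($users, 'markusn00b', 'original-secret'));

$temporary = reset_password($users, 'markusn00b');
var_dump(check_login($users, 'markusn00b', 'original-secret'));
var_dump(check_login($users, 'markusn00b', $temporary));
```

After the reset the old password no longer verifies and only the newly generated one does, which is why nothing ever needs to be decoded.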