forgot my password

Questions about MySQL, PostgreSQL, and most other databases, as well as using them with PHP, can be asked here.

Moderator: General Moderators

matecocido
Forum Newbie
Posts: 6
Joined: Wed Feb 26, 2003 4:59 pm
Location: Buenos Aires

Post by matecocido »

How can I decrypt a password made using password() to send the famous mail with "your password is ..."? Sorry, I'm talking about MySQL. Anyway, can someone answer me?
Thanks buddies!
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

"Sorry, I'm talking about MySQL"
right, therefore this topic is here now

http://www.mysql.com/doc/en/Miscellaneous_functions.html#IDX1340
PASSWORD() encryption is non-reversible.
sorry ;)
But if you have another account with proper permission you might simply overwrite the old password
http://www.mysql.com/documentation/mysq ... #Passwords
matecocido
Forum Newbie
Posts: 6
Joined: Wed Feb 26, 2003 4:59 pm
Location: Buenos Aires

Post by matecocido »

Thank you volka. I read what you prompted and saw that I was using the wrong function. I'll use some of the other functions for my users, such as md5(), sha1() or aes_encrypt() which do have a decrypt equivalent.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

you're looking for encryption. md5 and sha1 are hashes that are non-reversible, too
http://www.mysql.com/doc/en/Miscellaneous_functions.html#IDX1349
AES_ENCRYPT() and AES_DECRYPT() were added in version 4.0.2
Hope your mysql-version is up to it ;)
matecocido
Forum Newbie
Posts: 6
Joined: Wed Feb 26, 2003 4:59 pm
Location: Buenos Aires

Post by matecocido »

So I should use encode()/decode().
It's not so secure I suppose, but it's the only option I have if I want to be able to decode. I'm using version 3.23.53. Am I right? :?
ReDucTor
Forum Commoner
Posts: 90
Joined: Thu Aug 15, 2002 6:13 am

Post by ReDucTor »

I recommend:

You have a field in your table which contains a code if they are requesting a password, this field is cleared on login, and is set on requesting password, it is set with a random value that is emailed, then the email sends them to the site to get it checked, if they got the right code they can specify a new password to be used that will overwrite the old.
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

If all else fails, create your own encryption system. This idea might have its opposition, but it's safe as long as you keep the decryption source function safe.

:wink:
Coco
Forum Contributor
Posts: 339
Joined: Sat Sep 07, 2002 5:28 am
Location: Leeds, UK

Post by Coco »

for me... the best solution is probably the first one....
over-write it.

on my site.... we found that the average user wasn't mature enough to do it however (they were getting new passwords mailed to everyone and anyone) so we have a new-password script that over writes a user's pass and mails it to them that is only accessible by admins....

quick easy and simple... but remember to use a prefix for your encryptions :P

Code:

<?php

$prefix = 'put here unpredictable string';
$pass = $prefix . $pass;
$pass = md5($pass);
?>
Of course, you can't retrieve the password after this is done... but would you want to give that much power to someone?
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm

Post by hob_goblin »

most places email you a confirmation email and then if you accept a new password is written...
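
The reset-by-e-mailed-code flow that ReDucTor and hob_goblin describe, as an added example that is not part of the original posts. The function names, the in-memory `$users` array standing in for the users table, the one-hour expiry, and storing only a SHA-256 hash of the code are assumptions of this sketch; it needs PHP 7.1 or later.

```php
<?php
// Added example: $users stands in for the users table (constructed sample data).
$users = ['alice@example.test' => [
    'pass_hash' => password_hash('old-secret', PASSWORD_DEFAULT), 'reset_hash' => null, 'reset_expires' => 0,
]];

// Step 1: user asks for a reset. Returns the code to put in the e-mailed link.
function request_reset(array &$users, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null;                       // caller shows the same message either way
    }
    $code = bin2hex(random_bytes(16));     // 128-bit unpredictable code
    // Assumption: store only a hash of the code, with a one-hour lifetime.
    $users[$email]['reset_hash'] = hash('sha256', $code);
    $users[$email]['reset_expires'] = $now + 3600;
    return $code;
}

// Step 2: user follows the link and submits the code with a new password.
function complete_reset(array &$users, string $email, string $code, string $newPass, int $now): bool
{
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']
        || !hash_equals($u['reset_hash'], hash('sha256', $code))) {
        return false;                      // missing, expired or wrong code: password unchanged
    }
    $users[$email]['pass_hash'] = password_hash($newPass, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null;   // single use
    return true;
}

// Step 3: a normal login clears any pending code, as the post describes.
function login(array &$users, string $email, string $pass): bool
{
    $u = $users[$email] ?? null;
    if ($u === null || !password_verify($pass, $u['pass_hash'])) {
        return false;
    }
    $users[$email]['reset_hash'] = null;
    return true;
}

$code = request_reset($users, 'alice@example.test', time());
var_dump(complete_reset($users, 'alice@example.test', 'wrong-code', 'new-secret', time()));
var_dump(complete_reset($users, 'alice@example.test', $code, 'new-secret', time()));
var_dump(login($users, 'alice@example.test', 'new-secret'));
```

The old password is never read back or mailed; only the one-time code travels by e-mail, and it stops working once used, expired, or cleared by a login.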
matecocido
Forum Newbie
Posts: 6
Joined: Wed Feb 26, 2003 4:59 pm
Location: Buenos Aires

Post by matecocido »

:D
Hello, I spent some days without logging in. Now I see many useful suggestions. I am not sure which one I'll finally use. Maybe I'll overwrite the old password or I can have my own encryption algorithm, but I want to thank you all for your support and advice.