forgot my password
Moderator: General Moderators
-
matecocido
- Forum Newbie
- Posts: 6
- Joined: Wed Feb 26, 2003 4:59 pm
- Location: Buenos Aires
forgot my password
How can I decrypt a password made using password() to send the famous mail with "your passowrd is ...". Sorry, I'm talking about MySQL. Anyway, can someone answer me?
Thanks buddies!
Thanks buddies!
right, therefor this topic is here nowSorry, I'm talking about MySQL
http://www.mysql.com/doc/en/Miscellaneous_functions.html#IDX1340
sorryPASSWORD() encryption is non-reversible.
But if you have another account with proper permission you might simply overwrite the old password
http://www.mysql.com/documentation/mysq ... #Passwords
-
matecocido
- Forum Newbie
- Posts: 6
- Joined: Wed Feb 26, 2003 4:59 pm
- Location: Buenos Aires
you're looking for encryption. md5 and sha1 are hashs that are non-reversible, too
http://www.mysql.com/doc/en/Miscellaneous_functions.html#IDX1349
http://www.mysql.com/doc/en/Miscellaneous_functions.html#IDX1349
Hope your mysql-version is up to itAES_ENCRYPT() and AES_DECRYPT() were added in version 4.0.2
-
matecocido
- Forum Newbie
- Posts: 6
- Joined: Wed Feb 26, 2003 4:59 pm
- Location: Buenos Aires
I recommend:
You have a field in your table which contains a code if they are requesting a password, this field is cleared on login, and is set on requesting password, it is set with a random value that is emailed, then the email sends them to the site to get it checked, if they got the right code they can specifiy a new password to be used that will overwrite the old.
You have a field in your table which contains a code if they are requesting a password, this field is cleared on login, and is set on requesting password, it is set with a random value that is emailed, then the email sends them to the site to get it checked, if they got the right code they can specifiy a new password to be used that will overwrite the old.
for me... the best solution is probably the first one....
over-write it.
on my site.... we found that the average user wasnt mature enough to do it however (they were getting new passwords mailed to everyone and anyone) so we have a new-password script that over writes a users pass and mails it to them that is only accessible by admins....
quick easy and simple... but remember to use a prefix for your encryptions
Of course, you cant retreive the password after this is done... but would you want to give that much power to someone?
over-write it.
on my site.... we found that the average user wasnt mature enough to do it however (they were getting new passwords mailed to everyone and anyone) so we have a new-password script that over writes a users pass and mails it to them that is only accessible by admins....
quick easy and simple... but remember to use a prefix for your encryptions
Code: Select all
<?php
$prefix = 'put here unpredictable string';
$pass = $prefix . $pass;
$pass = md5($pass);
?>- hob_goblin
- Forum Regular
- Posts: 978
- Joined: Sun Apr 28, 2002 9:53 pm
- Contact:
-
matecocido
- Forum Newbie
- Posts: 6
- Joined: Wed Feb 26, 2003 4:59 pm
- Location: Buenos Aires