Page 1 of 1

Dilema:- MySQL Password function() and Recover lost password

Posted: Sun Jun 15, 2003 3:51 am
by pistolfire99
Hello folks,
I have a dilema. I am creating a site for my community with User Authentication. Now the passwords get saved into the database using mysql's password function. here is an example of my code

Code: Select all

INSERT INTO TABLE_USER (username, password) VALUES (%s, password(%s))
This enters the encrypted password in the database, but then I have another page(script) where members can recover their lost password and sent to them via email, but the script sends them the encrypted password. Its kinda useless that way to use mysql's built in password() function.
Can anyone give me a hint or a workaround, besides using MD5 and so on.

Posted: Sun Jun 15, 2003 4:05 am
by delorian
If someone lost his/her password just generate a new one. It's a much safer way. You can't decrypt password() because the string is not encrypted but hashed (I don't know is that a correct form of that verb :D). And of course MD5 or SHA1 is a lot better than password().

But if you want do it your way try to read about mysql ENCRYPT() and DECRYPT() functions.

Posted: Sun Jun 15, 2003 7:47 am
by SBukoski
It's definitely much easier, like delorian stated, to simply change the password to something else. Send the person an e-mail stating what the new password is and they can change it back to something they WILL remember when they re-visit your site.

Posted: Sun Jun 15, 2003 9:40 am
by pistolfire99
Thank you guys for your reply. I guesss I will change my script to accomodate the new idea.
Thank You.