ayok Posted May 11, 2008 Share Posted May 11, 2008 Hi, I've got a question about user password. What I mean is that an admin table (for example) which contain passwords for all admins. I use password('password') statement to insert a password from registered form. So for example, a user has insert a new password "newpassword" it will show in mysql table as *667072648CC4B683F6292F5DB1556. The problem is, how can I view the real password if they forgot their own password? Thank you, ayok Link to comment https://forums.phpfreaks.com/topic/105119-to-inform-user-password/ Share on other sites More sharing options...
mezise Posted May 11, 2008 Share Posted May 11, 2008 MySQL PASSWORD() function is one way encryption. If you did not saved the password in uncoded way in other place or you do not have enough powerful computer and algorithm to break encoded password - you cannot view the real password. Common way in such situation is sending to user a newly generated password by email and allowing him to change it by himself. Link to comment https://forums.phpfreaks.com/topic/105119-to-inform-user-password/#findComment-538222 Share on other sites More sharing options...
ayok Posted May 11, 2008 Author Share Posted May 11, 2008 Hi mezise, Like this forum, if you forget your own password, you can write your email, then the script send you your password. How can you do that? Should i make two user tables? Is that why we sometimes are asked to retype password? Thanks, ayok Link to comment https://forums.phpfreaks.com/topic/105119-to-inform-user-password/#findComment-538259 Share on other sites More sharing options...
mezise Posted May 11, 2008 Share Posted May 11, 2008 Usually when user registers he is requested to fill his email address and password (retyping password is to be sure that you typed correct password). Then application sends email to the user with link that activates user account. The same email is used to send a new password if user request for it. That is typical way. To save email address just add a new column to users table. Link to comment https://forums.phpfreaks.com/topic/105119-to-inform-user-password/#findComment-538274 Share on other sites More sharing options...
mjcoco Posted May 11, 2008 Share Posted May 11, 2008 The easiest way around that is to send a new randomly generated password to the users email address and force them on first relogin to change their password. Once they have changed their password re-encrypt and start the process all over. (if they forget thier password again). Im sure there is a way around it, i use $md5pass, and thats the only way i know how to get around it. Link to comment https://forums.phpfreaks.com/topic/105119-to-inform-user-password/#findComment-538333 Share on other sites More sharing options...
fenway Posted May 12, 2008 Share Posted May 12, 2008 PASSWORD() is not meant for public use -- it's MySQL's internal hash algorithm. Use MD5() or equivalent instead. Link to comment https://forums.phpfreaks.com/topic/105119-to-inform-user-password/#findComment-539305 Share on other sites More sharing options...
mezise Posted May 12, 2008 Share Posted May 12, 2008 If we go into this subject SHA1() is even more secure replacement. Link to comment https://forums.phpfreaks.com/topic/105119-to-inform-user-password/#findComment-539327 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.