graham23s Posted December 4, 2008 Share Posted December 4, 2008 Hi Guys, currently on one of my sites i don't encrypt the users password before entering it into MYSQL, i was going to add the md5 function now! but i have a "recover password" form that retrieves it from MYSQL, but if they do that after i change the md5 it will come back encrypted! is there any way i can un encrypt when/if a password recovery is asked for? thanks for any info Graham Link to comment https://forums.phpfreaks.com/topic/135475-encrypting-passwords/ Share on other sites More sharing options...
trq Posted December 4, 2008 Share Posted December 4, 2008 There is no way to undo an md5. For password recovery you will need to reset the password to a new temporary value, give it to the user then tell them to login and change there passowrd. Link to comment https://forums.phpfreaks.com/topic/135475-encrypting-passwords/#findComment-705783 Share on other sites More sharing options...
GKWelding Posted December 4, 2008 Share Posted December 4, 2008 Technically, MD5 is a hash not encryption. If you encrypted the password using an encryption alogrythm with an encryption key, as long as you had the encryption key stored somewhere safe where your scripts could access it then technically you could decrypt the password. However, the far simpler method is just to MD5 it so it isn't in plain text and have the user reset the password as thorpe suggests. Link to comment https://forums.phpfreaks.com/topic/135475-encrypting-passwords/#findComment-705809 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.