Forgot password

[SUNIL16]

Hello friends,

 

I am using MD5 function for storing members password while registering. Now i want send them password if the forget it. For this i am again using MD5(password) to get the real password not encrypted. But i am not getting the real password what they given at the time of registering.

 

below is my code for sending passwor

 

<?php
require "config.php"; 
if ($_POST['Submit']=='Send')
{
$host = $_SERVER['HTTP_HOST'];
$rs_search = mysql_query("select username,password,email from users where email='$_POST[email]'");
$user_count = mysql_num_rows($rs_search);

if ($user_count != 0)
{
$result = mysql_query("select username,password from users where email='$_POST[email]'");
$row=mysql_fetch_array($result);
$username=$row['username'];
$sendpass=md5($row['password']);

$host = $_SERVER['HTTP_HOST'];

$message = 
"You have requested login details from $host. Here are the login details...\n\n
User Name: $username \n
Password: $sendpass\n
____________________________________________
*** LOGIN ***** \n
To Login: http://$host/login.php \n\n
_____________________________________________
Thank you. This is an automated response. PLEASE DO NOT REPLY.
";

mail($_POST['email'], "Your Login Details", $message,
    "From: \"Auto-Response\" <admin@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());

 

here i am not getting the original password in variable $sendpass what is the reason?

[Mchl]

MD5 is a one way hashing function. You cannot decrypt anything that's been hashed with it. Instead you should generate a random new password and send it to user so that they can log in, and set their own password.

[SUNIL16]

Thanks man i really had that doubt its cleared. Thanks once again for ur reply..