Jump to content

please help. !!

georgebates

By georgebates
in PHP Coding Help

 Share

Recommended Posts

georgebates Member

georgebates

Posted
Posted

Hi there,

 

I got this login/registration script from a website and it encrypts the passwords before entering them into the database. I am making a lost password section and need to decrypt the password now but im not sure how too.

 

This is the code that they use to encrypt the password:

 

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

Link to comment
Share on other sites
rajivgonsalves Newbie

rajivgonsalves

Posted
Posted

for reset a password you create a table that stores the req, say

 

username, request_hash

 

request hash will be something you generate, like md5(time().$username) or any combination store it in the database, make another page to handle password reset, send a link to the user in his/her email something like reset.php?hash=request_hash

 

once the user comes to your reset page check for which user does the hash exists for, give him/her a prompt to enter existing password and new password, check the existing password with the database (same as you did with login) if it checks out correct change the password.

 

hope the explaining was useful

Link to comment
Share on other sites
blueman378 Advanced Member

blueman378

Posted
Posted

for reset a password you create a table that stores the req, say

 

username, request_hash

 

request hash will be something you generate, like md5(time().$username) or any combination store it in the database, make another page to handle password reset, send a link to the user in his/her email something like reset.php?hash=request_hash

 

once the user comes to your reset page check for which user does the hash exists for, give him/her a prompt to enter existing password and new password, check the existing password with the database (same as you did with login) if it checks out correct change the password.

 

hope the explaining was useful

 

Hey rajiv, long time no see,

 

anyway for a password reset you wouldnt check it against the current password as they have forgotten it. simply add a field email or something similar, basically just another identification string that is included in the url so they cant guess them

 

Link to comment
Share on other sites
FaT3oYCG Member

FaT3oYCG

Posted
Posted

what is better is to ask them for their email address or username and then send an email to the relevant email with a link to a page that will allow them to enter a new password, as thy shoudl be the only person with their email details they should be the only person with the relevant link that you send which may be checked by submiting a php page and checking the string requested from a databse which expires after so long etc.

Link to comment
Share on other sites
rajivgonsalves Newbie

rajivgonsalves

Posted
Posted

for reset a password you create a table that stores the req, say

 

username, request_hash

 

request hash will be something you generate, like md5(time().$username) or any combination store it in the database, make another page to handle password reset, send a link to the user in his/her email something like reset.php?hash=request_hash

 

once the user comes to your reset page check for which user does the hash exists for, give him/her a prompt to enter existing password and new password, check the existing password with the database (same as you did with login) if it checks out correct change the password.

 

hope the explaining was useful

 

Hey rajiv, long time no see,

 

anyway for a password reset you wouldnt check it against the current password as they have forgotten it. simply add a field email or something similar, basically just another identification string that is included in the url so they cant guess them

 

 

doing good sorry about that I totally did not see it was a forgot password lol, you could reset the password and send it some random generated password as mentioned above I think that will be the best

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.