oliverj777 Posted August 26, 2010 Share Posted August 26, 2010 Hello, My user login script saves their passwords into my SQL in a md5 encryption. I am currently working on a 'forgot password' that sends the password to their email. The code that pulls out the password is this: echo $req_user_info['pass']; Now is there a way to decrypt the 'pass' (currently nothing is displayed - not even the encryption code) Please help - Ollie Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 26, 2010 Share Posted August 26, 2010 No, md5 cannot be decrypted. What you should do instead is reset their current password with a new one, which will contain a bunch of random letters/numbers etc. They then use this new password to login to their account. Quote Link to comment Share on other sites More sharing options...
oliverj777 Posted August 26, 2010 Author Share Posted August 26, 2010 Okay - Is there a way to find out how many characters the password has? (for a different purpose) -- I would like to display their password on a 'manage user page' like so: ***** - so I would only be retrieving a character count, and using that figure to place the ** accordingly?? Cheers Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 26, 2010 Share Posted August 26, 2010 LOL, since md5() isn't encryption, there is no way to decrypt it. It is a one-way hash (checksum.) Quote Link to comment Share on other sites More sharing options...
oliverj777 Posted August 26, 2010 Author Share Posted August 26, 2010 Humm, okay. What would be the code for counting ($count) how many characters their are in a text field then? -- then to echo it... This is what I want ... $word = "hello" $count = How many characters in $word. echo $count Quote Link to comment Share on other sites More sharing options...
MadTechie Posted August 26, 2010 Share Posted August 26, 2010 Don't display the password length either.. that also reduces the security ! just have the * as 8 chars no matter of the length Quote Link to comment Share on other sites More sharing options...
fortnox007 Posted August 26, 2010 Share Posted August 26, 2010 You cant md5 is a one way only hash that results in a hash with the same length for anything. If you have access to the database (which i assume you have, otherwise how do you know the hashed pwd? ) In that case hash a new pwd and put it directly in the row of your database. You cant decrypt it. thats the whole idea. Google for rainbowtable md5 cracking if you wanna try it anyways. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.