
If I am not mistaken, MD5 is a one-way street, brother. Once hashed, that's it. Even brute forcing won't give you the original value back.

 

If you are looking to display on a 'Forgot Password' page, I suggest generating a random password. You wouldn't want a page displaying password data anyway. Definitely not safe. Hope this helps!!

 

Bl4ck Maj1k

Wow.....I can't for the life of me see how that is possible....they must have some sort of function that they personally built in.

 

Sorry for the bad info on my part then. Apparently there is a way. If you find it, PLEASE post because now my curiosity is at its highest point LOL.

With what they had given me, they had to actually have the decrypted one put in first and then it had to encrypt it, then you could go back and decrypt it..........I am looking for a way just to pull it from the database and decrypt it that way.......

@CLUEL3SS, here's what you get from a site like that for most entered values -

 

Sorry, this MD5 hash wasn't found in our database

 

And frankly, sites like that WANT you to enter an actual MD5 value of your password or enter your real password as a test because they have your IP address from the HTTP request and they can now try to take over your router or any of the web applications you might be hosting at your IP address.

Personally I wouldn't recommend going backwards in the first place. It was my understanding that MD5 hashing was made as a security precaution. It ENCRYPTS so people won't be able to see what the original string was, not even the database admin. If you can just go in and DECRYPT it, then the security is thrown out of the window if you ask me.....

 

Bl4ck Maj1k

EDIT:

 

I just thought of a MUCH easier way to check old password. Do it as if they were logging into a system. Below is an example assuming that the old password field in the form is called 'old_password'.

 

$old_password = mysql_real_escape_string($_POST['old_password']);
//this captures what the user typed into the old_password form field, escapes it for use inside the SQL string, and stores it into our local php variable $old_password

$sql = mysql_query("SELECT * FROM myMembers WHERE password='$old_password'");
//This says to query the database and ensure the old password matches the one you typed into the form

$password_check = mysql_num_rows($sql);
//This variable will help us check as to whether or not our passwords match

if ($password_check < 1) {
    $errorMsg = 'ERROR';
    echo $errorMsg;
} else {
    //Run the rest of the form
}

 

==========================================================================

==========================================================================

 

That's simple. Just MD5 their old password. For example:

 

OLD PASSWORD

Here you would just $_POST['password']; and check the database to ensure it's a replica.

You can use a line like this one:

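$password = md5($_POST['password']); //MD5 the old password the user typed; the hex digest is safe to place inside the query string
$sql_password_check = mysql_query("SELECT id FROM myMembers WHERE password='$password' LIMIT 1");
$password_check = mysql_num_rows($sql_password_check);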

 

Then you need a condition statement that calculates whether or not an identical field exists or not. This can be done with a simple if as seen below:

if ($password_check == ""){
    $errorMsg = "ERROR";
    exit ();
}

 

So now before we get to the portion with our New Password entry, we have to pass the test of matching passwords. If all is good, we move down to our Else condition as seen below:

 

NEW PASSWORD

else {
    $_POST['new_password1'];
   //Enter all the rest of your form data parsing stuff from the form here.
}

CONFIRM NEW PASSWORD

Here you would just make sure that the Password the user just typed matches the one in $_POST['new_password1'];

A simple 'if' condition would suffice.

 

Overall, my point is that MD5 is NOT necessary here at all. All you need is a simple form and a couple of if conditions and you are good to go. If a user FORGETS their password, there are several fields in the database you can use as test questions to ensure the user is who he says he is. The easiest way to do this is have an email sent to their registered account. From the link in that email, take them to a confirm identity page. From there, after they've confirmed their identity, take them to a create new password page. Then voilà!! Still no need for MD5 decryption. Just keep in mind that MD5 is to help people encrypt and stop people from decrypting. Hope this helps!!

 

Bl4ck Maj1k
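Added example, not part of the original posts: the old-password check from the thread rewritten so that it looks up one account by id (instead of matching any row with that password), binds parameters, and replaces a legacy unsalted MD5 value with a salted hash on change. The `myMembers`, `id` and `password` names come from the thread; the function names, the PDO/SQLite setup and the sample passwords are assumptions made for the demonstration.

```php
<?php
// Added example: function names and the in-memory SQLite setup are assumptions.

function verify_old_password(PDO $db, int $userId, string $oldPassword): bool
{
    // Select the row by account id, never by password value.
    $stmt = $db->prepare('SELECT password FROM myMembers WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such account
    }
    // Legacy row: 32 hex characters is an unsalted MD5 digest from the old scheme.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        return hash_equals(strtolower($stored), md5($oldPassword));
    }
    return password_verify($oldPassword, $stored);
}

function change_password(PDO $db, int $userId, string $old, string $new, string $confirm): bool
{
    if ($new === '' || !hash_equals($new, $confirm)) {
        return false; // new password and confirmation must match
    }
    if (!verify_old_password($db, $userId, $old)) {
        return false;
    }
    // password_hash() adds a per-user salt; this overwrites any legacy MD5 value.
    $stmt = $db->prepare('UPDATE myMembers SET password = :hash WHERE id = :id');
    return $stmt->execute([':hash' => password_hash($new, PASSWORD_DEFAULT), ':id' => $userId]);
}

// Constructed demo data: one account that still holds a legacy MD5 digest.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE myMembers (id INTEGER PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO myMembers (id, password) VALUES (1, ?)')->execute([md5('old-secret')]);

var_dump(change_password($db, 1, 'wrong-guess', 'n3w-passphrase', 'n3w-passphrase'));
var_dump(change_password($db, 1, 'old-secret', 'n3w-passphrase', 'n3w-passphrase'));
var_dump(verify_old_password($db, 1, 'n3w-passphrase'));
```

The first call is rejected because the old password does not match; after the second call the stored value is a `password_hash()` string and the third call verifies against it.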
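Added example, not part of the original posts: one way to build the e-mailed reset link described above, using a random single-use token so that no password ever has to be recovered from the database. The function names, the 15-minute lifetime and the record layout are assumptions; a real application would keep the record in its database.

```php
<?php
// Added example: names, lifetime and storage layout are assumptions.

const RESET_TTL = 900; // assumed token lifetime in seconds

// Returns [token to put in the e-mailed link, record to store server-side].
function issue_reset_token(int $userId, int $now): array
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $record = [
        'user_id'    => $userId,
        'token_hash' => hash('sha256', $token), // only the hash is stored
        'expires_at' => $now + RESET_TTL,
        'used'       => false,
    ];
    return [$token, $record];
}

// Returns the user id when the presented token is valid, otherwise null.
// A successful redemption marks the record used so the link cannot be replayed.
function redeem_reset_token(array &$record, string $presented, int $now): ?int
{
    $matches = hash_equals($record['token_hash'], hash('sha256', $presented));
    if (!$matches || $record['used'] || $now > $record['expires_at']) {
        return null;
    }
    $record['used'] = true;
    return $record['user_id'];
}

// Constructed walk-through with fixed timestamps.
[$token, $record] = issue_reset_token(1, 1000);
var_dump(redeem_reset_token($record, 'not-the-token', 1001));        // wrong token
var_dump(redeem_reset_token($record, $token, 1000 + RESET_TTL + 1)); // expired
var_dump(redeem_reset_token($record, $token, 1001));                 // valid, consumed
var_dump(redeem_reset_token($record, $token, 1002));                 // replay attempt
```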
