Reignfire Posted January 15, 2013 Share Posted January 15, 2013 Hi, I need to find a password of a user in my database but it's encrypted. When you create a new user in the form it's like this in the script: $query = "INSERT INTO userID (ID,user_id,first_name,last_name,email,pwd) VALUES(NULL,\"$user_id\",\"$first\",\"$last\",\"$email\",ENCODE(\"$pw\",\"MD5\"))"; ENCODE(\"$pw\",\"MD5\") When i look in my database it says: «C³(8›˜´ How can i get the right password. It's my own database and my own password that i forget. Quote Link to comment Share on other sites More sharing options...
stijn0713 Posted January 15, 2013 Share Posted January 15, 2013 (edited) seems like the encode() function is a user-defined function in which you use the md5 hash algorithm... Per definition by a hash you can't recover the input anymore. (unless you'll try to hack it with rainbow tables for example). If it is encrypted on the contrary, you should use a privat key to find the encrypted password. So try to look an the encode() function... In this case however, i think you lost it... Edited January 15, 2013 by stijn0713 Quote Link to comment Share on other sites More sharing options...
Christian F. Posted January 15, 2013 Share Posted January 15, 2013 (edited) https://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_encode That said, saving a password like that should never be done and is just as bad as saving it as clear-text! I strongly recommend that you read this article about secure login systems, and implement a proper password hashing systems. So that you can protect your users, for when (yes, when) your user DB gets attacked; Always prepare for the worst case scenario, then it will only be an annoyance instead of a full out crisis, when it does happen. Edited January 15, 2013 by Christian F. Quote Link to comment Share on other sites More sharing options...
TRI0N Posted January 15, 2013 Share Posted January 15, 2013 Your best bet is to just use this: http://www.adamek.biz/md5-generator.php Type in a new password and get the MD5 and replace the old one with the new one generated. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted January 15, 2013 Share Posted January 15, 2013 That's not going to work, TRI0N. The stored password is not a MD5 hash string, but an encrypted binary blob. Read the link I posted for more details. Quote Link to comment Share on other sites More sharing options...
cpd Posted January 15, 2013 Share Posted January 15, 2013 (edited) Excuse me if this is ridiculously simple but if I understand you right this is your database, your password, your username. Even if you've forgotten both username and password surely you can search for your first name, last name or email then write an UPDATE script encoding the password, as per Christians post, updating the row of your email/first name & last name/id; then log in with your new password... Edited January 15, 2013 by cpd Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.