Reignfire Posted January 15, 2013 Share Posted January 15, 2013 Hi, I need to find a password of a user in my database but it's encrypted. When you create a new user in the form it's like this in the script: $query = "INSERT INTO userID (ID,user_id,first_name,last_name,email,pwd) VALUES(NULL,\"$user_id\",\"$first\",\"$last\",\"$email\",ENCODE(\"$pw\",\"MD5\"))"; ENCODE(\"$pw\",\"MD5\") When i look in my database it says: «C³(8›˜´ How can i get the right password. It's my own database and my own password that i forget. Link to comment https://forums.phpfreaks.com/topic/273185-how-to-find-encoded-password/ Share on other sites More sharing options...
stijn0713 Posted January 15, 2013 Share Posted January 15, 2013 seems like the encode() function is a user-defined function in which you use the md5 hash algorithm... Per definition by a hash you can't recover the input anymore. (unless you'll try to hack it with rainbow tables for example). If it is encrypted on the contrary, you should use a privat key to find the encrypted password. So try to look an the encode() function... In this case however, i think you lost it... Link to comment https://forums.phpfreaks.com/topic/273185-how-to-find-encoded-password/#findComment-1405820 Share on other sites More sharing options...
Christian F. Posted January 15, 2013 Share Posted January 15, 2013 https://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_encode That said, saving a password like that should never be done and is just as bad as saving it as clear-text! I strongly recommend that you read this article about secure login systems, and implement a proper password hashing systems. So that you can protect your users, for when (yes, when) your user DB gets attacked; Always prepare for the worst case scenario, then it will only be an annoyance instead of a full out crisis, when it does happen. Link to comment https://forums.phpfreaks.com/topic/273185-how-to-find-encoded-password/#findComment-1405829 Share on other sites More sharing options...
TRI0N Posted January 15, 2013 Share Posted January 15, 2013 Your best bet is to just use this: http://www.adamek.biz/md5-generator.php Type in a new password and get the MD5 and replace the old one with the new one generated. Link to comment https://forums.phpfreaks.com/topic/273185-how-to-find-encoded-password/#findComment-1405927 Share on other sites More sharing options...
Christian F. Posted January 15, 2013 Share Posted January 15, 2013 That's not going to work, TRI0N. The stored password is not a MD5 hash string, but an encrypted binary blob. Read the link I posted for more details. Link to comment https://forums.phpfreaks.com/topic/273185-how-to-find-encoded-password/#findComment-1405954 Share on other sites More sharing options...
cpd Posted January 15, 2013 Share Posted January 15, 2013 Excuse me if this is ridiculously simple but if I understand you right this is your database, your password, your username. Even if you've forgotten both username and password surely you can search for your first name, last name or email then write an UPDATE script encoding the password, as per Christians post, updating the row of your email/first name & last name/id; then log in with your new password... Link to comment https://forums.phpfreaks.com/topic/273185-how-to-find-encoded-password/#findComment-1405979 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.