When showing user admin page - Password Question

[shaggycap]

I'm building a user admin section on my CMS, and have a page showing the details of a user that you can edit.

I can't just display the password field as its an MD5 hash, so what would be the best approach here? Obviously I can't decode it so I wondered how you dealt with something like this?

[448191]

Well, don't.

Allow for resetting, not displaying.

[Daniel0]

Make some sort of "leave empty to not change" sort of field. Check if anything is entered into it, and if there is, then change it (you should possibly make a typing error check and a "current password" check).

[steelmanronald06]

Or just not MD5 your password, which is highly ill advised.

[Daniel0]

[quote author=steelmanronald06 link=topic=117581.msg480844#msg480844 date=1165538527]
Or just not MD5 your password, which is highly ill advised.
[/quote]

S/he already did ;)

[Jenk]

Admins have no reason, what so ever, to need to view a users password.

A password is for that user alone, and [b]no one[/b] else.

[steelmanronald06]

Yeah. I mean we can view our members passwords here at PHPFreaks, but we don't because it is never needed.......


April Fools!  Hmm.....not april! Damn!  Oh well.  The point is, don't do it. Because some people use one password for EVERYTHING

[Albright]

[quote author=steelmanronald06 link=topic=117581.msg480844#msg480844 date=1165538527]
Or just not MD5 your password, which is highly ill advised.
[/quote]
I suspect this might be some sort of twisted sarcasm, but if it isn't, would you care to explain why it's a good idea to store passwords in plain text?

[Eric_Ryk]

[quote author=Albright link=topic=117581.msg485135#msg485135 date=1166141029]
[quote author=steelmanronald06 link=topic=117581.msg480844#msg480844 date=1165538527]
Or just not MD5 your password, which is highly ill advised.
[/quote]
I suspect this might be some sort of twisted sarcasm, but if it isn't, would you care to explain why it's a good idea to store passwords in plain text?
[/quote]He said that it was ill advised, meaning he's saying its a bad thing to do.

[Albright]

I understand that. What I'm asking is why he thinks MD5ing passwords is a bad thing to do. Sure, SHA1 is better, but I don't think that's what he means, from context...

[Jenk]

MD5 is the most common, thus it is the most attacked. There are more rainbow tables for MD5 than any other hash.

PHP has a massive selection of hashing algorthyms to choose from, fyi.

[Daniel0]

Take a look at [url=http://php.net/mcrypt]mcrypt[/url]

[448191]

[quote author=Daniel0 link=topic=117581.msg485297#msg485297 date=1166166677]
Take a look at [url=http://php.net/mcrypt]mcrypt[/url]
[/quote]

Mcrypt has decryptable algorithms, not hashes. For passwords use hashes.

http://nl2.php.net/manual/en/ref.hash.php

[Jenk]

there is also http://php.net/crypt, but the above is preffered.

[redbullmarky]

semi- on-topic, if one decided to drop MD5 from their sites and port to a new type of encryption, am i right in thinking that you'd need to prompt the user for a new password that would be encrypted in the new method? or am I missing an easy way?

[Jenk]

not necessarily..
[code]<?php

if (sha1($password . $salt) !== $passwordFromDB)
{
    if (md5($password . $salt) !== $passwordFromDB)
    {
        die('password incorrect');
    }
    else
    {
        $passwordFromDB = sha1($password . $salt);
    }
}

echo 'Welcome';

?>[/code]

edit: removed false-false.

[Albright]

I think you want to remove those ! from before sha1 or md5, but yeah, that should work; just transparently re-hash the password if the old hash algorithm shows that it is correct.

One thing to keep in mind is that md5() creates a string of 32 characters, and sha1() creates 40 characters. If you've set up the password field in your database to only hold 32 characters, you should modify it first to fit all 40 characters that a sha1() call will give you.