OilSheikh Posted May 26, 2007 Share Posted May 26, 2007 Hi, I have a registration code by which user registers and his chosen password is stored in MD5 format in the database. Now, I have coded a FORGOT YOUR PASSWORD? script which sends the user the password to his e-mail address. Thing is PHP sends the MD5ed password. How can I get it to send a unMD5ed password? Thanks. Here is part of the code $email=$_POST['email']; $sql="SELECT password FROM customer WHERE email = '$email'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count == 1) { $rows=mysql_fetch_array($result); $pass=$rows['password']; ######### SEND THE PASSWORD TO THE E-MAIL SUPPLIED ########## $to = $email; $subject = 'Your Account Password at Express PC Sales '; $message = " Here is the Password for your Account at Express PC Sales. Your password is $pass . Regards, Team @ Express PC Sales "; $headers = 'From: Express PC Sales <zahidworld@hotmail.com> '; $sentmail = mail($to, $subject, $message, $headers); And here's the mail sent. From : Express PC Sales <zahidworld@hotmail.com> Sent : 26 May 2007 23:12:02 To : zahidworld@hotmail.com Subject : Your Account Password at Express PC Sales | | | Inbox Here is the Password for your Account at Express PC Sales. Your password is 81dc9bdb52d04dc20036dbd8313ed055 . Regards, Team @ Express PC Sales Quote Link to comment https://forums.phpfreaks.com/topic/53108-solved-decrypting-md5-and-mailing-password/ Share on other sites More sharing options...
penguin0 Posted May 26, 2007 Share Posted May 26, 2007 you can't deMD5 anything, that is the point. Best thing is to set up security questions, and make it so they reset their password. Quote Link to comment https://forums.phpfreaks.com/topic/53108-solved-decrypting-md5-and-mailing-password/#findComment-262332 Share on other sites More sharing options...
OilSheikh Posted May 27, 2007 Author Share Posted May 27, 2007 I just did something else. Quite cheeky actually... lol I put this in the E-mail message : $message = " Here is the Password for your Account at Express PC Sales. Your encrypted password is $pass . Please visit - www.md5encryption.com - to decrypt the above encrypted password and obtain your actual password. Quote Link to comment https://forums.phpfreaks.com/topic/53108-solved-decrypting-md5-and-mailing-password/#findComment-262336 Share on other sites More sharing options...
MadTechie Posted May 27, 2007 Share Posted May 27, 2007 Quite cheeky actually yeah if your not using salt which in turn means your users will know you have an insecure system! Quote Link to comment https://forums.phpfreaks.com/topic/53108-solved-decrypting-md5-and-mailing-password/#findComment-262338 Share on other sites More sharing options...
OilSheikh Posted May 27, 2007 Author Share Posted May 27, 2007 Oh well ... I could always tell them this is done as a Security reason. Quote Link to comment https://forums.phpfreaks.com/topic/53108-solved-decrypting-md5-and-mailing-password/#findComment-262351 Share on other sites More sharing options...
penguin0 Posted May 27, 2007 Share Posted May 27, 2007 It wouldn't decrypt anything in my databases thankfully... Quote Link to comment https://forums.phpfreaks.com/topic/53108-solved-decrypting-md5-and-mailing-password/#findComment-262353 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.