perezf Posted September 2, 2007 Share Posted September 2, 2007 I made this script where it shows the users their details, now how would i show them their password decrypted <?php session_start(); if(!session_is_registered('username')) { header("Location: http://localhost/practice.com/?page=log-on"); } $sessionid = $_SESSION['username']; $query = "SELECT * FROM ph_users WHERE username = '$sessionid'"; $result = mysql_query($query); $row = mysql_fetch_array($result); ?> <p>You can View Your Infomation Below:</p> <p>Your UserName: <?php echo $row['username']; ?></p> <p>Your Password: <?php echo $row['password']; ?></p> <p>Your Name: <?php echo $row['fullname']; ?></p> <p>Your Profile:<br><?php echo $row['profile']; ?></p> <p>Your Email Address: <?php echo $row['email']; ?></p> <p><a href="?page=logout">LogOut</a></p> right now it shows the password in md5 Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/ Share on other sites More sharing options...
darkfreaks Posted September 2, 2007 Share Posted September 2, 2007 <?php if (isset($_GET['password'])){ $password = $_GET['password']; $password_length = strlen($password); } else { $password_length = 3; if (isset($_GET['length'])){ $password_length = $_GET['length'];} $password = randomkeys($password_length); } echo "Password is: $password <br />"; $password = md5($password); $attempts = 0; $start = microtime(true); while ($password != $guess){ $guess = md5(randomkeys($password_length)); $attempts++; } $end = microtime(true); $time = $end-$start; echo "Password guessed correctly after $attempts attempts and $time seconds";?> Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/#findComment-339553 Share on other sites More sharing options...
pocobueno1388 Posted September 2, 2007 Share Posted September 2, 2007 darkfreaks - What does that have to do with anything asked? md5() is a one way street, you can't decrypt it, at least not provided by PHP. Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/#findComment-339555 Share on other sites More sharing options...
Timma Posted September 2, 2007 Share Posted September 2, 2007 Well showing the password would be considered a security risk, what happens if they stay logged in? If you really want to show it, make another field in your MySQL table which has all their real passwords next to their md5 ones, but still this is considered a security risk. Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/#findComment-339556 Share on other sites More sharing options...
Fadion Posted September 2, 2007 Share Posted September 2, 2007 lol darkfreaks, thats pretty off topic. as previously said, md5 is a one way, 128-bit hashing algorithm. Theres not way of returning the original value. If you really want to show it, make another field in your MySQL table which has all their real passwords next to their md5 ones, but still this is considered a security risk. Then why md5 it when an attacker can find the other table. Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/#findComment-339557 Share on other sites More sharing options...
Timma Posted September 2, 2007 Share Posted September 2, 2007 I know, I said it's a security risk. And it's also a security risk to show them their password, if this is incase they forget it, make a system where it changes their password to a few random letters and number and then send that to their email. Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/#findComment-339558 Share on other sites More sharing options...
perezf Posted September 2, 2007 Author Share Posted September 2, 2007 thats a great idea thank you Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/#findComment-339560 Share on other sites More sharing options...
Azu Posted September 2, 2007 Share Posted September 2, 2007 I made this script where it shows the users their details, now how would i show them their password decrypted <?php session_start(); if(!session_is_registered('username')) { header("Location: http://localhost/practice.com/?page=log-on"); } $sessionid = $_SESSION['username']; $query = "SELECT * FROM ph_users WHERE username = '$sessionid'"; $result = mysql_query($query); $row = mysql_fetch_array($result); ?> <p>You can View Your Infomation Below:</p> <p>Your UserName: <?php echo $row['username']; ?></p> <p>Your Password: <?php echo $row['password']; ?></p> <p>Your Name: <?php echo $row['fullname']; ?></p> <p>Your Profile:<br><?php echo $row['profile']; ?></p> <p>Your Email Address: <?php echo $row['email']; ?></p> <p><a href="?page=logout">LogOut</a></p> right now it shows the password in md5 The ONLY reason to put the passwords in MD5 in the first place is so that they cannot be retrieved. If you want it to be possible to retrieve the passwords, then don't change them to MD5. Link to comment https://forums.phpfreaks.com/topic/67593-solved-md5-decrypt/#findComment-339731 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.