perezf Posted September 2, 2007 Share Posted September 2, 2007 I made this script where it shows the users their details, now how would i show them their password decrypted <?php session_start(); if(!session_is_registered('username')) { header("Location: http://localhost/practice.com/?page=log-on"); } $sessionid = $_SESSION['username']; $query = "SELECT * FROM ph_users WHERE username = '$sessionid'"; $result = mysql_query($query); $row = mysql_fetch_array($result); ?> <p>You can View Your Infomation Below:</p> <p>Your UserName: <?php echo $row['username']; ?></p> <p>Your Password: <?php echo $row['password']; ?></p> <p>Your Name: <?php echo $row['fullname']; ?></p> <p>Your Profile:<br><?php echo $row['profile']; ?></p> <p>Your Email Address: <?php echo $row['email']; ?></p> <p><a href="?page=logout">LogOut</a></p> right now it shows the password in md5 Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted September 2, 2007 Share Posted September 2, 2007 <?php if (isset($_GET['password'])){ $password = $_GET['password']; $password_length = strlen($password); } else { $password_length = 3; if (isset($_GET['length'])){ $password_length = $_GET['length'];} $password = randomkeys($password_length); } echo "Password is: $password <br />"; $password = md5($password); $attempts = 0; $start = microtime(true); while ($password != $guess){ $guess = md5(randomkeys($password_length)); $attempts++; } $end = microtime(true); $time = $end-$start; echo "Password guessed correctly after $attempts attempts and $time seconds";?> Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted September 2, 2007 Share Posted September 2, 2007 darkfreaks - What does that have to do with anything asked? md5() is a one way street, you can't decrypt it, at least not provided by PHP. Quote Link to comment Share on other sites More sharing options...
Timma Posted September 2, 2007 Share Posted September 2, 2007 Well showing the password would be considered a security risk, what happens if they stay logged in? If you really want to show it, make another field in your MySQL table which has all their real passwords next to their md5 ones, but still this is considered a security risk. Quote Link to comment Share on other sites More sharing options...
Fadion Posted September 2, 2007 Share Posted September 2, 2007 lol darkfreaks, thats pretty off topic. as previously said, md5 is a one way, 128-bit hashing algorithm. Theres not way of returning the original value. If you really want to show it, make another field in your MySQL table which has all their real passwords next to their md5 ones, but still this is considered a security risk. Then why md5 it when an attacker can find the other table. Quote Link to comment Share on other sites More sharing options...
Timma Posted September 2, 2007 Share Posted September 2, 2007 I know, I said it's a security risk. And it's also a security risk to show them their password, if this is incase they forget it, make a system where it changes their password to a few random letters and number and then send that to their email. Quote Link to comment Share on other sites More sharing options...
perezf Posted September 2, 2007 Author Share Posted September 2, 2007 thats a great idea thank you Quote Link to comment Share on other sites More sharing options...
Azu Posted September 2, 2007 Share Posted September 2, 2007 I made this script where it shows the users their details, now how would i show them their password decrypted <?php session_start(); if(!session_is_registered('username')) { header("Location: http://localhost/practice.com/?page=log-on"); } $sessionid = $_SESSION['username']; $query = "SELECT * FROM ph_users WHERE username = '$sessionid'"; $result = mysql_query($query); $row = mysql_fetch_array($result); ?> <p>You can View Your Infomation Below:</p> <p>Your UserName: <?php echo $row['username']; ?></p> <p>Your Password: <?php echo $row['password']; ?></p> <p>Your Name: <?php echo $row['fullname']; ?></p> <p>Your Profile:<br><?php echo $row['profile']; ?></p> <p>Your Email Address: <?php echo $row['email']; ?></p> <p><a href="?page=logout">LogOut</a></p> right now it shows the password in md5 The ONLY reason to put the passwords in MD5 in the first place is so that they cannot be retrieved. If you want it to be possible to retrieve the passwords, then don't change them to MD5. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.