fri3ndly Posted January 14, 2008

I have recently built a forgot password feature for my login system, however, at the moment the password that gets e-mailed to customers is hashed (MD5). How can I convert it back to normal before it sends?

Link to comment: https://forums.phpfreaks.com/topic/85934-forgot-password-feature/

adam291086 Posted January 14, 2008

From what I understand you can convert md5 back to its original form. That's the whole point of it. To encrypt the information so no one can understand it. When you enter your password to login you encrypt it. Then you check the database to see if the encryptions match. Therefore if anyone gets into your database they will still be none the wiser.

dooper3 Posted January 14, 2008

You can't as far as I'm aware. That's the whole point in encrypting passwords, so that if someone gains access to your database, they can't steal the information. If you could the script required would probably be a fairly hefty one. Better option is to get the email to reset their password to a temporary randomly generated string, and update the database to that effect, then get them to change their password straight away to something they'll remember.

fri3ndly Posted January 14, 2008

That's what I thought.... So how would this feature work then? At the moment it looks up the user's e-mail address and returns their details, along with a hashed password. The hashed password is always the same, it doesn't vary each time, therefore I see no reason why it couldn't be reversed, but if not how do other PHP systems (e.g. Joomla) achieve this?

Thanks, Simon

fri3ndly Posted January 14, 2008

> You can't as far as I'm aware. That's the whole point in encrypting passwords, so that if someone gains access to your database, they can't steal the information. If you could the script required would probably be a fairly hefty one. Better option is to get the email to reset their password to a temporary randomly generated string, and update the database to that effect, then get them to change their password straight away to something they'll remember.

Ah, that's a great idea, I hadn't thought of that. Thank you! So now..... How do I develop a 'temporary randomly generated string'?

fri3ndly Posted January 14, 2008

I have found a useful function, thanks! hxxp://www.laughing-buddha.net/jon/php/password/

dooper3 Posted January 14, 2008

Sorted? Glad to be of help, and good luck. (don't forget to mark topic as solved!)

tinker Posted January 14, 2008

Just for your information: MD5 is a one way hashing algorithm and not an encryption algorithm!

Hash's Encryption

Within php look at crypt and mcrypt
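
The reset flow discussed in this thread, as an added example that is not code from any poster. It is a variant of the temporary random string idea: the string is a single-use, expiring token stored only as a digest, the existing password stays valid until the user chooses a new one, and the new password is stored with `password_hash` rather than bare MD5. The function names, the in-memory `$users` array and the 30-minute lifetime are assumptions.

```php
<?php
// Added example: hypothetical names, constructed sample data.
const RESET_TTL = 1800; // seconds a reset token stays valid (assumed value)

// Constructed sample "database": email => record. A real system uses a table.
$users = [
    'simon@example.com' => [
        'password_hash' => password_hash('old-password', PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => 0,
    ],
];

// Step 1: create a random single-use token. Only its SHA-256 digest is
// stored, so a database leak does not expose a usable token.
function startReset(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null; // show the visitor the same response either way
    }
    $token = bin2hex(random_bytes(32)); // CSPRNG output, 64 hex characters
    $users[$email]['reset_hash']    = hash('sha256', $token);
    $users[$email]['reset_expires'] = time() + RESET_TTL;
    return $token; // goes into the e-mail; the current password is untouched
}

// Step 2: the user submits the token plus a new password of their choice.
function finishReset(array &$users, string $email, string $token, string $newPassword): bool
{
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || time() > $u['reset_expires']) {
        return false;
    }
    // Constant-time comparison of stored digest and submitted token's digest.
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    // Salted, deliberately slow password hash instead of bare MD5.
    $users[$email]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$email]['reset_hash']    = null; // token cannot be replayed
    $users[$email]['reset_expires'] = 0;
    return true;
}

$token = startReset($users, 'simon@example.com');
var_dump(finishReset($users, 'simon@example.com', 'wrong-token', 'n3w-Pass'));
var_dump(finishReset($users, 'simon@example.com', $token, 'n3w-Pass'));
var_dump(finishReset($users, 'simon@example.com', $token, 'again'));
```

`random_bytes` requires PHP 7 or later and `password_hash` requires PHP 5.5 or later.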