ricerocket Posted March 23, 2008 Share Posted March 23, 2008 I'm having trouble displaying the users from my database. When the page opens it shows the username and emails right but when the passwords come up they're all the same, and they're encrypted, but I"m trying to get them UNcrypted. Heres my script below. Please take a look and tell me what I"m doing wrong. Thanks <html> <head> <title>Users</title> <link rel='stylesheet' href='style.css' type='text/css'> </head> <body> <? include "connect.php"; $getscores="SELECT username,email,password from userdb order by username DESC limit 10000"; $getscores2=mysql_query($getscores) or die("Could not get scores"); $passwords = strrev(md5(md5(strrev(md5("$getscores3[password]"))))); $rank=1; print "<center><h2>Users</h2></center><center>"; print "<table width=90% class='maintable'><tr class='headline'><td>Username</td><td>Email</td><td>Password</td></tr>"; while($getscores3=mysql_fetch_array($getscores2)) { $getscores3[username]=strip_tags($getscores3[username]); print "<tr class='mainrow'><td>$getscores3[username]</td><td>$getscores3[email]</td><td>$passwords</td></tr>"; $rank++; } print "</table></center>"; ?> </body> </html> Link to comment https://forums.phpfreaks.com/topic/97488-password-retrieval-problems/ Share on other sites More sharing options...
dbillings Posted March 23, 2008 Share Posted March 23, 2008 I believe md5 is one way encryption. Link to comment https://forums.phpfreaks.com/topic/97488-password-retrieval-problems/#findComment-498804 Share on other sites More sharing options...
ricerocket Posted March 23, 2008 Author Share Posted March 23, 2008 but then how does my login script read the password? Link to comment https://forums.phpfreaks.com/topic/97488-password-retrieval-problems/#findComment-498806 Share on other sites More sharing options...
dbillings Posted March 23, 2008 Share Posted March 23, 2008 <?php $username = $_REQUEST['username']; $password = md5($_REQUEST['password']); $sql = "SELECT username, email FROM userdb WHERE username = '$username' AND password = '$password'"; $result = mysql_query('$sql') or die(mysql_error()); if($result) { while($row = mysql_fetch_array($result, MYSQL_ASSOC) { echo "$row['username'] <br />"; echo "$row['email'] <br />"; } }else{ echo "No data was retrieved."; } ?> Not tested. Link to comment https://forums.phpfreaks.com/topic/97488-password-retrieval-problems/#findComment-498820 Share on other sites More sharing options...
MadTechie Posted March 23, 2008 Share Posted March 23, 2008 but then how does my login script read the password? MD5 is oneway if i MD5('HELLO') i would get 32 chars something like this A67864DF64C3268.. etc now you don't need decrypt this to check if the password is correct what you do is get the user input and MD5 it.. so HELLO will always appear as A67864DF64C3268.. etc and as that is stored in the database it will compare correctly but HellO will have a different MD5 result thus will be invalid.. inshort you can't decrypt it.. NOTE: to anyone whos going to say it can be: their a ton of post about decrypting it, which all point to the true fact it can NOT be decrypted.. so please don't turn this post into a bruteforce / rainbow table post (again!) Side note: your password it stored like this $passwords = strrev(md5(md5(strrev(md5("$getscores3[password]"))))); this isn't the best way of doing it, you should use salt but we will save that for another post i guess.. Link to comment https://forums.phpfreaks.com/topic/97488-password-retrieval-problems/#findComment-498892 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.