G'day folks:
I have a seemingly simple problem:
I keep my passwords as simple MySQL hashes in a users' table. The rest of the system
is reliant on
this fact (othewise I'd change it quick sharp!)
I've just constructed a simple username/password retrieval system, but don't know how
to unhash the
password if I'm not giving the password to the SQL SELECT statement:
//Get username section here, then get password section (below)
//user inputs email and username in order to retrieve lost password:
else if(isset($getPassword)) {
if((empty($Email)) || (empty($Username))) {
$error = "<p><b>One of the fields is empty!</b></p>";
}
else if (!(ereg("^.+@.+\..+$", $Email))) {
$error = "The email address: '<i>$Email</i> ' is invalid!<br>";
}
else {
$sql = "SELECT usrName,usrPswd,Email FROM $table_realReg WHERE
usrName='$Username' AND Email='$Email'";
$result = mysql_query($sql,$connection) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
$email = $row['Email'];
$Pas = $row['usrPswd'];
}
$error = "<p><b>Your lost password has been sent to: $Email.</b></p>";
$to = $email;
$subject = "Your lost Password!";
$body = "Here is your lost
Password!\n\n" . "Your Password: $Pas\n\n";
$from = "lost-details";
mail("$to","$subject","$body","From: $from");
}
}
At the moment this retrieves the password hash. I can't use the MySQL password()
function because
I'm not passing a variable for it to operate upon. So how can I use php to 'unhash'
it??
What am I missing here?
Many thanks.
Russ
#-------------------------------------------------------#
"Believe nothing - consider everything"
Russ Michell
Anglia Polytechnic University Webteam
Room 1C 'The Eastings' East Road, Cambridge
e: [EMAIL PROTECTED]
w: www.apu.ac.uk/webteam
www.theruss.com
#-------------------------------------------------------#
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]