G'day folks:

I have a seemingly simple problem:
I keep my passwords as simple MySQL hashes in a users' table. The rest of the system 
is reliant on 
this fact (othewise I'd change it quick sharp!)

I've just constructed a simple username/password retrieval system, but don't know how 
to unhash the 
password if I'm not giving the password to the SQL SELECT statement:

//Get username section here, then get password section (below)
//user inputs email and username in order to retrieve lost password:

else if(isset($getPassword)) {
        if((empty($Email)) || (empty($Username))) {
                $error = "<p><b>One of the fields is empty!</b></p>";
        else if (!(ereg("^.+@.+\..+$", $Email))) { 
                $error = "The email address: '<i>$Email</i> ' is invalid!<br>";
        else {
                $sql = "SELECT usrName,usrPswd,Email FROM $table_realReg WHERE 
usrName='$Username' AND Email='$Email'";
                $result = mysql_query($sql,$connection) or die(mysql_error());
                while($row = mysql_fetch_array($result)) {
                        $email = $row['Email'];
                        $Pas = $row['usrPswd'];
                $error = "<p><b>Your lost password has been sent to: $Email.</b></p>";
                $to = $email;
                $subject = "Your lost Password!";
                $body = "Here is your lost 
                Password!\n\n" . "Your Password: $Pas\n\n";
                $from = "lost-details";
                mail("$to","$subject","$body","From: $from");

At the moment this retrieves the password hash. I can't use the MySQL password() 
function because 
I'm not passing a variable for it to operate upon. So how can I use php to 'unhash' 
What am I missing here?

Many thanks.

  "Believe nothing - consider everything"       
  Russ Michell
  Anglia Polytechnic University Webteam
  Room 1C 'The Eastings' East Road, Cambridge
  w: www.apu.ac.uk/webteam


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to