>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Russ
>Michell
>Sent: 25 September 2001 18:32
>To: [EMAIL PROTECTED]
>Subject: [PHP-DB] MySQL Hash Function
>
>
>G'day folks:
>
>I have a seemingly simple problem:
>I keep my passwords as simple MySQL hashes in a users' table. The
>rest of the system is reliant on
>this fact (othewise I'd change it quick sharp!)
>
>I've just constructed a simple username/password retrieval system,
>but don't know how to unhash the
>password if I'm not giving the password to the SQL SELECT statement:

[snip]

>At the moment this retrieves the password hash. I can't use the
>MySQL password() function because
>I'm not passing a variable for it to operate upon. So how can I
>use php to 'unhash' it??
>What am I missing here?
>
>Many thanks.
>Russ


Which MySQL function are you using to create the passwords?

AFAIK none of the hashing/password type functions in MySQL are reversible.
What this means is that instead of sending a user their 'lost' password you
have create a new (random) one for them, email it to them and ask them to
change it pronto.


hth
--
Jason Wong
Gremlins Associates
www.gremlins.com.hk
Tel: +852-2573-5033
Fax: +852-2573-5851


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to