On Tue, 2001-09-25 at 13:32, Russ Michell wrote:
> G'day folks:
>
> I have a seemingly simple problem:
> I keep my passwords as simple MySQL hashes in a users' table. The rest of the system
>is reliant on
> this fact (othewise I'd change it quick sharp!)
>
> I've just constructed a simple username/password retrieval system, but don't know
>how to unhash the
> password if I'm not giving the password to the SQL SELECT statement:
>
> //Get username section here, then get password section (below)
> //user inputs email and username in order to retrieve lost password:
>
> else if(isset($getPassword)) {
> if((empty($Email)) || (empty($Username))) {
> $error = "<p><b>One of the fields is empty!</b></p>";
> }
> else if (!(ereg("^.+@.+\..+$", $Email))) {
> $error = "The email address: '<i>$Email</i> ' is invalid!<br>";
> }
> else {
> $sql = "SELECT usrName,usrPswd,Email FROM $table_realReg WHERE
>usrName='$Username' AND Email='$Email'";
> $result = mysql_query($sql,$connection) or die(mysql_error());
> while($row = mysql_fetch_array($result)) {
> $email = $row['Email'];
> $Pas = $row['usrPswd'];
> }
> $error = "<p><b>Your lost password has been sent to: $Email.</b></p>";
> $to = $email;
> $subject = "Your lost Password!";
> $body = "Here is your lost
> Password!\n\n" . "Your Password: $Pas\n\n";
> $from = "lost-details";
> mail("$to","$subject","$body","From: $from");
> }
> }
>
> At the moment this retrieves the password hash. I can't use the MySQL password()
>function because
> I'm not passing a variable for it to operate upon. So how can I use php to 'unhash'
>it??
> What am I missing here?
>
> Many thanks.
> Russ
>
> #-------------------------------------------------------#
>
> "Believe nothing - consider everything"
>
> Russ Michell
> Anglia Polytechnic University Webteam
> Room 1C 'The Eastings' East Road, Cambridge
>
> e: [EMAIL PROTECTED]
> w: www.apu.ac.uk/webteam
>
> www.theruss.com
Well, I don't think you whould have any succes unhashing the pass,
why don't you just assign a new one and send it ?
regards,
mitu
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]