On Tue, 2001-09-25 at 13:32, Russ Michell wrote:
> G'day folks:
> 
> I have a seemingly simple problem:
> I keep my passwords as simple MySQL hashes in a users' table. The rest of the system 
>is reliant on 
> this fact (othewise I'd change it quick sharp!)
> 
> I've just constructed a simple username/password retrieval system, but don't know 
>how to unhash the 
> password if I'm not giving the password to the SQL SELECT statement:
> 
> //Get username section here, then get password section (below)
> //user inputs email and username in order to retrieve lost password:
> 
> else if(isset($getPassword)) {
>       if((empty($Email)) || (empty($Username))) {
>               $error = "<p><b>One of the fields is empty!</b></p>";
>               }
>       else if (!(ereg("^.+@.+\..+$", $Email))) { 
>               $error = "The email address: '<i>$Email</i> ' is invalid!<br>";
>               }
>       else {
>               $sql = "SELECT usrName,usrPswd,Email FROM $table_realReg WHERE 
>usrName='$Username' AND Email='$Email'";
>               $result = mysql_query($sql,$connection) or die(mysql_error());
>               while($row = mysql_fetch_array($result)) {
>                       $email = $row['Email'];
>                       $Pas = $row['usrPswd'];
>                       }
>               $error = "<p><b>Your lost password has been sent to: $Email.</b></p>";
>               $to = $email;
>               $subject = "Your lost Password!";
>               $body = "Here is your lost 
>                 Password!\n\n" . "Your Password: $Pas\n\n";
>               $from = "lost-details";
>               mail("$to","$subject","$body","From: $from");
>               }
>       }
> 
> At the moment this retrieves the password hash. I can't use the MySQL password() 
>function because 
> I'm not passing a variable for it to operate upon. So how can I use php to 'unhash' 
>it??
> What am I missing here?
> 
> Many thanks.
> Russ
> 
> #-------------------------------------------------------#
>                               
>   "Believe nothing - consider everything"     
>   
>   Russ Michell
>   Anglia Polytechnic University Webteam
>   Room 1C 'The Eastings' East Road, Cambridge
>   
>   e: [EMAIL PROTECTED]
>   w: www.apu.ac.uk/webteam
> 
>   www.theruss.com

 Well, I don't think you whould have any succes unhashing the pass,
why don't you just assign a new one and send it ? 
  regards,
    mitu


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to