[PHP] real password value

2002-12-13 Thread empty 
Hi all;

do you know how to decrypt password('xxx'); value?

For example

I have a function that mails password to user's mail address

but
result is here;


User Name: xjunky
Password :1ef781ad7c4b0dc2
Thanks.


I've inserted the password as password('$passw');

and selected as belove

function notify_password($username,$email){
if (!($conn = db_connect())) return false;
$result = mysql_query(select email,pass from site_members where 
User_Name='$username' and email='$email');
$email = mysql_result($result, 0, email);
$password=mysql_result($result, 0, pass);
$from = From: [EMAIL PROTECTED] \r\n;
$mesg = User Name: $username\r\n
.Password : $password \r\n
.Thanks.\r\n;
if (mail($email, Password Information, $mesg, $from)){
return true;
}else{
return false;
}

}


how to send the true value of th password?

thanks everybody who cares with it.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] real password value

2002-12-13 Thread Johannes Schlueter 
On Friday 13 December 2002 20:58, empty wrote:
 do you know how to decrypt password('xxx'); value?

You can't do this. The only thing you could do is to send the User who lost 
his password a new one with an activation link. The new Password is saved 
somewhere else. Then the user clicks on the link and has a _new_ password.

johannes

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] real password value

2002-12-13 Thread Joseph Guhlin 
The better strategy would be to generate a new random password and 
assign that as the password. MySQL's password function is one-way, 
meaning you can encrypt it, but not decrypt it. The way you test it is 
by taking what the user has entered, along with the salt, and encrypting 
that and seeing if it matches the stored, encrypted password. There is 
no way to decrypt it without brute forcing it.

So just assign a new password and mail it to the user. Hope this helps.


--Joseph Guhlin 
http://www.josephguhlin.com/
Was I helpful?  Let others know: 
http://svcs.affero.net/rm.php?r=bahwi 



empty wrote:

Hi all;

do you know how to decrypt password('xxx'); value?

For example

I have a function that mails password to user's mail address

but
result is here;


User Name: xjunky
Password :1ef781ad7c4b0dc2
Thanks.


I've inserted the password as password('$passw');

and selected as belove

function notify_password($username,$email){
   if (!($conn = db_connect())) return false;
   $result = mysql_query(select email,pass from site_members where User_Name='$username' and email='$email');
   $email = mysql_result($result, 0, email);
   $password=mysql_result($result, 0, pass);
   $from = From: [EMAIL PROTECTED] \r\n;
   $mesg = User Name: $username\r\n
   .Password : $password \r\n
   .Thanks.\r\n;
   if (mail($email, Password Information, $mesg, $from)){
   return true;
   }else{
   return false;
   }

}


how to send the true value of th password?

thanks everybody who cares with it.

 



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php