[PHP-DB] MySQL Hash Function
G'day folks:
I have a seemingly simple problem:
I keep my passwords as simple MySQL hashes in a users' table. The rest of the system
is reliant on
this fact (othewise I'd change it quick sharp!)
I've just constructed a simple username/password retrieval system, but don't know how
to unhash the
password if I'm not giving the password to the SQL SELECT statement:
//Get username section here, then get password section (below)
//user inputs email and username in order to retrieve lost password:
else if(isset($getPassword)) {
if((empty($Email)) || (empty($Username))) {
$error = pbOne of the fields is empty!/b/p;
}
else if (!(ereg(^.+@.+\..+$, $Email))) {
$error = The email address: 'i$Email/i ' is invalid!br;
}
else {
$sql = SELECT usrName,usrPswd,Email FROM $table_realReg WHERE
usrName='$Username' AND Email='$Email';
$result = mysql_query($sql,$connection) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
$email = $row['Email'];
$Pas = $row['usrPswd'];
}
$error = pbYour lost password has been sent to: $Email./b/p;
$to = $email;
$subject = Your lost Password!;
$body = Here is your lost
Password!\n\n . Your Password: $Pas\n\n;
$from = lost-details;
mail($to,$subject,$body,From: $from);
}
}
At the moment this retrieves the password hash. I can't use the MySQL password()
function because
I'm not passing a variable for it to operate upon. So how can I use php to 'unhash'
it??
What am I missing here?
Many thanks.
Russ
#---#
Believe nothing - consider everything
Russ Michell
Anglia Polytechnic University Webteam
Room 1C 'The Eastings' East Road, Cambridge
e: [EMAIL PROTECTED]
w: www.apu.ac.uk/webteam
www.theruss.com
#---#
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] MySQL Hash Function
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Russ Michell Sent: 25 September 2001 18:32 To: [EMAIL PROTECTED] Subject: [PHP-DB] MySQL Hash Function G'day folks: I have a seemingly simple problem: I keep my passwords as simple MySQL hashes in a users' table. The rest of the system is reliant on this fact (othewise I'd change it quick sharp!) I've just constructed a simple username/password retrieval system, but don't know how to unhash the password if I'm not giving the password to the SQL SELECT statement: [snip] At the moment this retrieves the password hash. I can't use the MySQL password() function because I'm not passing a variable for it to operate upon. So how can I use php to 'unhash' it?? What am I missing here? Many thanks. Russ Which MySQL function are you using to create the passwords? AFAIK none of the hashing/password type functions in MySQL are reversible. What this means is that instead of sending a user their 'lost' password you have create a new (random) one for them, email it to them and ask them to change it pronto. hth -- Jason Wong Gremlins Associates www.gremlins.com.hk Tel: +852-2573-5033 Fax: +852-2573-5851 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] MySQL Hash Function
On Tue, 2001-09-25 at 13:32, Russ Michell wrote:
G'day folks:
I have a seemingly simple problem:
I keep my passwords as simple MySQL hashes in a users' table. The rest of the system
is reliant on
this fact (othewise I'd change it quick sharp!)
I've just constructed a simple username/password retrieval system, but don't know
how to unhash the
password if I'm not giving the password to the SQL SELECT statement:
//Get username section here, then get password section (below)
//user inputs email and username in order to retrieve lost password:
else if(isset($getPassword)) {
if((empty($Email)) || (empty($Username))) {
$error = pbOne of the fields is empty!/b/p;
}
else if (!(ereg(^.+@.+\..+$, $Email))) {
$error = The email address: 'i$Email/i ' is invalid!br;
}
else {
$sql = SELECT usrName,usrPswd,Email FROM $table_realReg WHERE
usrName='$Username' AND Email='$Email';
$result = mysql_query($sql,$connection) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
$email = $row['Email'];
$Pas = $row['usrPswd'];
}
$error = pbYour lost password has been sent to: $Email./b/p;
$to = $email;
$subject = Your lost Password!;
$body = Here is your lost
Password!\n\n . Your Password: $Pas\n\n;
$from = lost-details;
mail($to,$subject,$body,From: $from);
}
}
At the moment this retrieves the password hash. I can't use the MySQL password()
function because
I'm not passing a variable for it to operate upon. So how can I use php to 'unhash'
it??
What am I missing here?
Many thanks.
Russ
#---#
Believe nothing - consider everything
Russ Michell
Anglia Polytechnic University Webteam
Room 1C 'The Eastings' East Road, Cambridge
e: [EMAIL PROTECTED]
w: www.apu.ac.uk/webteam
www.theruss.com
Well, I don't think you whould have any succes unhashing the pass,
why don't you just assign a new one and send it ?
regards,
mitu
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
