[PHP-DB] MySQL Hash Function
G'day folks: I have a seemingly simple problem: I keep my passwords as simple MySQL hashes in a users' table. The rest of the system is reliant on this fact (othewise I'd change it quick sharp!) I've just constructed a simple username/password retrieval system, but don't know how to unhash the password if I'm not giving the password to the SQL SELECT statement: //Get username section here, then get password section (below) //user inputs email and username in order to retrieve lost password: else if(isset($getPassword)) { if((empty($Email)) || (empty($Username))) { $error = pbOne of the fields is empty!/b/p; } else if (!(ereg(^.+@.+\..+$, $Email))) { $error = The email address: 'i$Email/i ' is invalid!br; } else { $sql = SELECT usrName,usrPswd,Email FROM $table_realReg WHERE usrName='$Username' AND Email='$Email'; $result = mysql_query($sql,$connection) or die(mysql_error()); while($row = mysql_fetch_array($result)) { $email = $row['Email']; $Pas = $row['usrPswd']; } $error = pbYour lost password has been sent to: $Email./b/p; $to = $email; $subject = Your lost Password!; $body = Here is your lost Password!\n\n . Your Password: $Pas\n\n; $from = lost-details; mail($to,$subject,$body,From: $from); } } At the moment this retrieves the password hash. I can't use the MySQL password() function because I'm not passing a variable for it to operate upon. So how can I use php to 'unhash' it?? What am I missing here? Many thanks. Russ #---# Believe nothing - consider everything Russ Michell Anglia Polytechnic University Webteam Room 1C 'The Eastings' East Road, Cambridge e: [EMAIL PROTECTED] w: www.apu.ac.uk/webteam www.theruss.com #---# -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] MySQL Hash Function
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Russ Michell Sent: 25 September 2001 18:32 To: [EMAIL PROTECTED] Subject: [PHP-DB] MySQL Hash Function G'day folks: I have a seemingly simple problem: I keep my passwords as simple MySQL hashes in a users' table. The rest of the system is reliant on this fact (othewise I'd change it quick sharp!) I've just constructed a simple username/password retrieval system, but don't know how to unhash the password if I'm not giving the password to the SQL SELECT statement: [snip] At the moment this retrieves the password hash. I can't use the MySQL password() function because I'm not passing a variable for it to operate upon. So how can I use php to 'unhash' it?? What am I missing here? Many thanks. Russ Which MySQL function are you using to create the passwords? AFAIK none of the hashing/password type functions in MySQL are reversible. What this means is that instead of sending a user their 'lost' password you have create a new (random) one for them, email it to them and ask them to change it pronto. hth -- Jason Wong Gremlins Associates www.gremlins.com.hk Tel: +852-2573-5033 Fax: +852-2573-5851 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] MySQL Hash Function
On Tue, 2001-09-25 at 13:32, Russ Michell wrote: G'day folks: I have a seemingly simple problem: I keep my passwords as simple MySQL hashes in a users' table. The rest of the system is reliant on this fact (othewise I'd change it quick sharp!) I've just constructed a simple username/password retrieval system, but don't know how to unhash the password if I'm not giving the password to the SQL SELECT statement: //Get username section here, then get password section (below) //user inputs email and username in order to retrieve lost password: else if(isset($getPassword)) { if((empty($Email)) || (empty($Username))) { $error = pbOne of the fields is empty!/b/p; } else if (!(ereg(^.+@.+\..+$, $Email))) { $error = The email address: 'i$Email/i ' is invalid!br; } else { $sql = SELECT usrName,usrPswd,Email FROM $table_realReg WHERE usrName='$Username' AND Email='$Email'; $result = mysql_query($sql,$connection) or die(mysql_error()); while($row = mysql_fetch_array($result)) { $email = $row['Email']; $Pas = $row['usrPswd']; } $error = pbYour lost password has been sent to: $Email./b/p; $to = $email; $subject = Your lost Password!; $body = Here is your lost Password!\n\n . Your Password: $Pas\n\n; $from = lost-details; mail($to,$subject,$body,From: $from); } } At the moment this retrieves the password hash. I can't use the MySQL password() function because I'm not passing a variable for it to operate upon. So how can I use php to 'unhash' it?? What am I missing here? Many thanks. Russ #---# Believe nothing - consider everything Russ Michell Anglia Polytechnic University Webteam Room 1C 'The Eastings' East Road, Cambridge e: [EMAIL PROTECTED] w: www.apu.ac.uk/webteam www.theruss.com Well, I don't think you whould have any succes unhashing the pass, why don't you just assign a new one and send it ? regards, mitu -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]