RE: [PHP-DB] MySQLPHP decrypt(password)
Password and MD$ return different values. They are not compatible. Since
both are one way encryptions, you can not retrive the orginal value
From: "moses Woldeselassie" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], php-db@lists.php.net
Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
Date: Mon, 28 Feb 2005 16:44:56 +
thank you Bastien
I do have a login and registration php sript, which work fine. the problem
is I am using password(passwd) to registrat the user, and i did change md5
into password() but how do i get the password that a user has registrated
in the first time?
other problem:
i did try to use the sending email using the following:
select passwd from users where username=$mid and email = $email
but it doesn't work. If i put * instead of passwd it works fine.
select * from users where username=$mid and email=$email
what is the problem?
I didn't get it, a user should easliy login using the new password, which
was changed using change_password().
kind regards
m
>From: "Bastien Koert" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>Date: Mon, 28 Feb 2005 09:31:20 -0500
>
>There needs to be a separate login page...The previous page was simply
to change the password...
>
>here is my login function...
>
>//---
>// login function
>//---
>function login()
>{
> global $err_msg;
> $errors = array();
>
> if ((empty
($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){
> $errors[] = "<font color=red>You didn't enter a correct
login name.</font>";}
> if ((empty
($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){
> $errors[] = "<font color=red>You didn't enter a
password.</font>";}
>
> if (count($errors) > 0) {
>
> for ($i = 0; $i < $nerrors; $i++){
> $err_msg .= $errors[$i]."<br />";
> }
> show_form();
> exit();
> }//end if
>
> $lg_name = $_POST['lg_name'];
> $lg_pw = $_POST['lg_pw'];
>
> $new_select = "select cust_lg, cust_pw, temp_pass from cust_info
where cust_lg = '$lg_name' and cust_pw = '$lg_pw'";
> $result = connect($new_select);
> $num_result = mysql_num_rows ($result);
>
> if ($num_result == 1) {
>
> //if the temp_password value is set to 1 then have the user change
the password.
> $row = mysql_fetch_array($result);
> if ($row['temp_pass']==1){
> header("location:change_pass.php");
> die();
> }//end if
>
> setcookie('last_time',
date("Ymd-his"),time()+60*60*24*30,'/');
> echo "here";
> header("location:/login_unit/brokerpanel.htm");
> exit();
> }else{
> $err_msg = "<font color=red>No match found! If you have
forgotten your password, please click the link at the
right.</font";
> show_form();
> exit();
> }
>}//end functon
>
>?>
>
>bastien
>
> >From: "moses Woldeselassie" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED], php-db@lists.php.net
> >Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
> >Date: Mon, 28 Feb 2005 11:16:23 +
> >
> >Thank you Bastien
> >
> >It works fine, but i do have a problem with login. MySQL does not
allowed the user to login.
> >
> >
> >I did try to use sending email without using the
change_password(), but it is sending different password each time:
> >
> >1. Why is it sending different password for one user?
> >2. How could I get a user password without changing a user
password?
> >
> >
> >
> >
> >kind regards
> >m
> >
> >
> >
> >
> >
> >
> >>From: "Bastien Koert"
<[EMAIL PROTECTED]>
> >>To: [EMAIL PROTECTED], php-db@lists.php.net
> >>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
> >>Date: Fri, 25 Feb 2005 14:04:30 -0500
> >>
> >>You can't. Its an MD5 hash, not an encryption...I reset
the password to a random one, and email it to the user, also flag the
account to force them to change the password upon login...
> >>
> >>[code]
> >>function mail_password()
> >>{
> >> global $err_msg;
> >> //get the variables from the form
> >> if
((isset($_POST['email']))&&(i
RE: [PHP-DB] MySQLPHP decrypt(password)
thank you.
I do have login and registration script, which work fine. the problem is
with new password.
I am using password() to registrate a user. I did change in the
change_password()
md5() into password(), it changes the user password. I coud easliy see it in
mysql db.
but a user could not login using the new password.
do i have to change the password() into md5() in the registration php
script?
1. is it anyway i could get the password without changing a user password
from mysql.
kind regards
m
>From: "Bastien Koert" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>Date: Mon, 28 Feb 2005 09:31:20 -0500
>
>There needs to be a separate login page...The previous page was simply
to change the password...
>
>here is my login function...
>
>//---
>// login function
>//---
>function login()
>{
> global $err_msg;
> $errors = array();
>
> if ((empty
($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){
> $errors[] = "<font color=red>You didn't enter a correct
login name.</font>";}
> if ((empty
($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){
> $errors[] = "<font color=red>You didn't enter a
password.</font>";}
>
> if (count($errors) > 0) {
>
> for ($i = 0; $i < $nerrors; $i++){
> $err_msg .= $errors[$i]."<br />";
> }
> show_form();
> exit();
> }//end if
>
> $lg_name = $_POST['lg_name'];
> $lg_pw = $_POST['lg_pw'];
>
> $new_select = "select cust_lg, cust_pw, temp_pass from cust_info
where cust_lg = '$lg_name' and cust_pw = '$lg_pw'";
> $result = connect($new_select);
> $num_result = mysql_num_rows ($result);
>
> if ($num_result == 1) {
>
> //if the temp_password value is set to 1 then have the user change the
password.
> $row = mysql_fetch_array($result);
> if ($row['temp_pass']==1){
> header("location:change_pass.php");
> die();
> }//end if
>
> setcookie('last_time',
date("Ymd-his"),time()+60*60*24*30,'/');
> echo "here";
> header("location:/login_unit/brokerpanel.htm");
> exit();
> }else{
> $err_msg = "<font color=red>No match found! If you have
forgotten your password, please click the link at the right.</font";
> show_form();
> exit();
> }
>}//end functon
>
>?>
>
>bastien
>
> >From: "moses Woldeselassie" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED], php-db@lists.php.net
> >Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
> >Date: Mon, 28 Feb 2005 11:16:23 +
> >
> >Thank you Bastien
> >
> >It works fine, but i do have a problem with login. MySQL does not
allowed the user to login.
> >
> >
> >I did try to use sending email without using the change_password(),
but it is sending different password each time:
> >
> >1. Why is it sending different password for one user?
> >2. How could I get a user password without changing a user
password?
> >
> >
> >
> >
> >kind regards
> >m
> >
> >
> >
> >
> >
> >
> >>From: "Bastien Koert"
<[EMAIL PROTECTED]>
> >>To: [EMAIL PROTECTED], php-db@lists.php.net
> >>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
> >>Date: Fri, 25 Feb 2005 14:04:30 -0500
> >>
> >>You can't. Its an MD5 hash, not an encryption...I reset the
password to a random one, and email it to the user, also flag the account to
force them to change the password upon login...
> >>
> >>[code]
> >>function mail_password()
> >>{
> >> global $err_msg;
> >> //get the variables from the form
> >> if
((isset($_POST['email']))&&(isset($_POST['lg_name']))){
> >> $email = $_POST['email'];
> >> $mid = $_POST['lg_name'];
> >> $date_cookie = $_COOKIE['last_time'];
> >> }else{
> >> $err_msg = "<b>Please enter both
your email address and your username. Thank
you.</b>";
> >> show_form();
> >> die();
> >> }//end if
> >>
> >> /
RE: [PHP-DB] MySQLPHP decrypt(password)
Thank you Bastien
It works fine, but i do have a problem with login. MySQL does not allowed
the user to login.
I did try to use sending email without using the change_password(), but it
is sending different password each time:
1. Why is it sending different password for one user?
2. How could I get a user password without changing a user password?
kind regards
m
>From: "Bastien Koert" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], php-db@lists.php.net
>Subject: RE: [PHP-DB] MySQLPHP decrypt(password)
>Date: Fri, 25 Feb 2005 14:04:30 -0500
>
>You can't. Its an MD5 hash, not an encryption...I reset the password to
a random one, and email it to the user, also flag the account to force them
to change the password upon login...
>
>[code]
>function mail_password()
>{
> global $err_msg;
> //get the variables from the form
> if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){
> $email = $_POST['email'];
> $mid = $_POST['lg_name'];
> $date_cookie = $_COOKIE['last_time'];
> }else{
> $err_msg = "<b>Please enter both your email address and
your username. Thank you.</b>";
> show_form();
> die();
> }//end if
>
> //create the sql and run the query
> $sql = "SELECT * FROM users WHERE user_email='$email' and
user_name = '$mid'";
>
> $result = connect($sql);
>
> //check the query results
> if (mysql_num_rows($result)!=1){
> $err_msg = "<font color=red>No results found. Please
re-enter your username and email address to try again.</font>";
> show_form();
>
> }else{
>
> $row = mysql_fetch_array($result);
> $email2 = $row['cust_email'];
> $pass = $row['cust_pw'];
>
> //call the change password function and pass it the information
related to the record to create the temp password
> $new_pass = change_password($mid, $pass);
>
> $sendto = $email2;
> $from = "WebMaster <[EMAIL PROTECTED]>";
> $subject = "Forgotten Password";
> $message = "Dear $email2,
>
> Your password is $new_pass.
>
> Regards,
> Webmaster";
> echo $message;
>
> $headers = "MIME-Version: 1.0\n";
> $headers .= "Content-type: text/plain;
charset=iso-8859-1\n";
> $headers .= "X-Priority: 3\n";
> $headers .= "X-MSMail-Priority: Normal\n";
> $headers .= "X-Mailer: php\n";
> $headers .= "From: \"".$from."\"
<".$from.">\n";
>
> if (!mail($sendto, $subject, $message, $headers)){
> echo "Mail failed to send";
> }else{
> header("location:confirm1.htm");
> }//end if
> }//end if
>}//end function
>
>//---
>// change password function
>//---
>function change_password($id, $password)
>{
> //generate a random password
> $pass = "";
> $salt = "abchefghjkmnpqrstuvwxyz0123456789";
> srand((double)microtime()*100);
> $i = 0;
> while ($i <= 7) {
> $num = rand() % 33;
> $tmp = substr($salt, $num, 1);
> $pass = $pass . $tmp;
> $i++;
> }
> //change the password in the db
> $sql = "update cust_info set cust_pw ='".md5($pass)."',
temp_pass = 1 where cust_lg = '$id' and cust_pw = '$password'";
> $result = connect($sql);
> if ($result){
> return $pass;
> }else{
> change_password($id, $password);
> }
>}//end function
>[/code]
>
>
>bastien
>
>
>
> >From: "moses Woldeselassie" <[EMAIL PROTECTED]>
> >To: php-db@lists.php.net
> >Subject: [PHP-DB] MySQLPHP decrypt(password)
> >Date: Fri, 25 Feb 2005 10:20:55 +
> >
> >hi all
> >
> >I am using password() to crypt a user password online. but how do i
decrypt a user password, when user forgot his/her password?
> >
> >
> >kind regards
> >m
> >
> >--
> >PHP Database Mailing List (http://www.php.net/)
> >To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] MySQLPHP decrypt(password)
On Fri, 2005-02-25 at 10:20 +, moses Woldeselassie wrote: >hi all > >I am using password() to crypt a user password online. but how do i decrypt >a user password, when user forgot his/her password? > > >kind regards >m > You don't. You make them reset their password. -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting & Development * --- Now hosting Ruby on Rails Apps --- / -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] MySQLPHP decrypt(password)
You can't. Its an MD5 hash, not an encryption...I reset the password to a
random one, and email it to the user, also flag the account to force them to
change the password upon login...
[code]
function mail_password()
{
global $err_msg;
//get the variables from the form
if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){
$email = $_POST['email'];
$mid = $_POST['lg_name'];
$date_cookie = $_COOKIE['last_time'];
}else{
$err_msg = "Please enter both your email address and your username.
Thank you.";
show_form();
die();
}//end if
//create the sql and run the query
$sql = "SELECT * FROM users WHERE user_email='$email' and user_name =
'$mid'";
$result = connect($sql);
//check the query results
if (mysql_num_rows($result)!=1){
$err_msg = "No results found. Please re-enter your
username and email address to try again.";
show_form();
}else{
$row = mysql_fetch_array($result);
$email2 = $row['cust_email'];
$pass = $row['cust_pw'];
//call the change password function and pass it the information related to
the record to create the temp password
$new_pass = change_password($mid, $pass);
$sendto = $email2;
$from = "WebMaster <[EMAIL PROTECTED]>";
$subject= "Forgotten Password";
$message= "Dear $email2,
Your password is $new_pass.
Regards,
Webmaster";
echo $message;
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 3\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$from."\" <".$from.">\n";
if (!mail($sendto, $subject, $message, $headers)){
echo "Mail failed to send";
}else{
header("location:confirm1.htm");
}//end if
}//end if
}//end function
//---
// change password function
//---
function change_password($id, $password)
{
//generate a random password
$pass = "";
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*100);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
//change the password in the db
$sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where
cust_lg = '$id' and cust_pw = '$password'";
$result = connect($sql);
if ($result){
return $pass;
}else{
change_password($id, $password);
}
}//end function
[/code]
bastien
From: "moses Woldeselassie" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] MySQLPHP decrypt(password)
Date: Fri, 25 Feb 2005 10:20:55 +
hi all
I am using password() to crypt a user password online. but how do i decrypt
a user password, when user forgot his/her password?
kind regards
m
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] MySQLPHP decrypt(password)
moses Woldeselassie wrote: hi all I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password? kind regards m You don't - that's the point. You have to provide them with a way to reset their password, based on some other method of authentication. Traditionally this is done with mailing a user a password reset link, and having that link only available for a short period of time. Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
