RE: [PHP-DB] MySQLPHP decrypt(password)
Password and MD$ return different values. They are not compatible. Since both are one way encryptions, you can not retrive the orginal value From: "moses Woldeselassie" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], php-db@lists.php.net Subject: RE: [PHP-DB] MySQLPHP decrypt(password) Date: Mon, 28 Feb 2005 16:44:56 + thank you Bastien I do have a login and registration php sript, which work fine. the problem is I am using password(passwd) to registrat the user, and i did change md5 into password() but how do i get the password that a user has registrated in the first time? other problem: i did try to use the sending email using the following: select passwd from users where username=$mid and email = $email but it doesn't work. If i put * instead of passwd it works fine. select * from users where username=$mid and email=$email what is the problem? I didn't get it, a user should easliy login using the new password, which was changed using change_password(). kind regards m >From: "Bastien Koert" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: RE: [PHP-DB] MySQLPHP decrypt(password) >Date: Mon, 28 Feb 2005 09:31:20 -0500 > >There needs to be a separate login page...The previous page was simply to change the password... > >here is my login function... > >//--- >// login function >//--- >function login() >{ > global $err_msg; > $errors = array(); > > if ((empty ($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){ > $errors[] = "<font color=red>You didn't enter a correct login name.</font>";} > if ((empty ($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){ > $errors[] = "<font color=red>You didn't enter a password.</font>";} > > if (count($errors) > 0) { > > for ($i = 0; $i < $nerrors; $i++){ > $err_msg .= $errors[$i]."<br />"; > } > show_form(); > exit(); > }//end if > > $lg_name = $_POST['lg_name']; > $lg_pw = $_POST['lg_pw']; > > $new_select = "select cust_lg, cust_pw, temp_pass from cust_info where cust_lg = '$lg_name' and cust_pw = '$lg_pw'"; > $result = connect($new_select); > $num_result = mysql_num_rows ($result); > > if ($num_result == 1) { > > //if the temp_password value is set to 1 then have the user change the password. > $row = mysql_fetch_array($result); > if ($row['temp_pass']==1){ > header("location:change_pass.php"); > die(); > }//end if > > setcookie('last_time', date("Ymd-his"),time()+60*60*24*30,'/'); > echo "here"; > header("location:/login_unit/brokerpanel.htm"); > exit(); > }else{ > $err_msg = "<font color=red>No match found! If you have forgotten your password, please click the link at the right.</font"; > show_form(); > exit(); > } >}//end functon > >?> > >bastien > > >From: "moses Woldeselassie" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED], php-db@lists.php.net > >Subject: RE: [PHP-DB] MySQLPHP decrypt(password) > >Date: Mon, 28 Feb 2005 11:16:23 + > > > >Thank you Bastien > > > >It works fine, but i do have a problem with login. MySQL does not allowed the user to login. > > > > > >I did try to use sending email without using the change_password(), but it is sending different password each time: > > > >1. Why is it sending different password for one user? > >2. How could I get a user password without changing a user password? > > > > > > > > > >kind regards > >m > > > > > > > > > > > > > >>From: "Bastien Koert" <[EMAIL PROTECTED]> > >>To: [EMAIL PROTECTED], php-db@lists.php.net > >>Subject: RE: [PHP-DB] MySQLPHP decrypt(password) > >>Date: Fri, 25 Feb 2005 14:04:30 -0500 > >> > >>You can't. Its an MD5 hash, not an encryption...I reset the password to a random one, and email it to the user, also flag the account to force them to change the password upon login... > >> > >>[code] > >>function mail_password() > >>{ > >> global $err_msg; > >> //get the variables from the form > >> if ((isset($_POST['email']))&&(i
RE: [PHP-DB] MySQLPHP decrypt(password)
thank you. I do have login and registration script, which work fine. the problem is with new password. I am using password() to registrate a user. I did change in the change_password() md5() into password(), it changes the user password. I coud easliy see it in mysql db. but a user could not login using the new password. do i have to change the password() into md5() in the registration php script? 1. is it anyway i could get the password without changing a user password from mysql. kind regards m >From: "Bastien Koert" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: RE: [PHP-DB] MySQLPHP decrypt(password) >Date: Mon, 28 Feb 2005 09:31:20 -0500 > >There needs to be a separate login page...The previous page was simply to change the password... > >here is my login function... > >//--- >// login function >//--- >function login() >{ > global $err_msg; > $errors = array(); > > if ((empty ($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){ > $errors[] = "<font color=red>You didn't enter a correct login name.</font>";} > if ((empty ($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){ > $errors[] = "<font color=red>You didn't enter a password.</font>";} > > if (count($errors) > 0) { > > for ($i = 0; $i < $nerrors; $i++){ > $err_msg .= $errors[$i]."<br />"; > } > show_form(); > exit(); > }//end if > > $lg_name = $_POST['lg_name']; > $lg_pw = $_POST['lg_pw']; > > $new_select = "select cust_lg, cust_pw, temp_pass from cust_info where cust_lg = '$lg_name' and cust_pw = '$lg_pw'"; > $result = connect($new_select); > $num_result = mysql_num_rows ($result); > > if ($num_result == 1) { > > //if the temp_password value is set to 1 then have the user change the password. > $row = mysql_fetch_array($result); > if ($row['temp_pass']==1){ > header("location:change_pass.php"); > die(); > }//end if > > setcookie('last_time', date("Ymd-his"),time()+60*60*24*30,'/'); > echo "here"; > header("location:/login_unit/brokerpanel.htm"); > exit(); > }else{ > $err_msg = "<font color=red>No match found! If you have forgotten your password, please click the link at the right.</font"; > show_form(); > exit(); > } >}//end functon > >?> > >bastien > > >From: "moses Woldeselassie" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED], php-db@lists.php.net > >Subject: RE: [PHP-DB] MySQLPHP decrypt(password) > >Date: Mon, 28 Feb 2005 11:16:23 + > > > >Thank you Bastien > > > >It works fine, but i do have a problem with login. MySQL does not allowed the user to login. > > > > > >I did try to use sending email without using the change_password(), but it is sending different password each time: > > > >1. Why is it sending different password for one user? > >2. How could I get a user password without changing a user password? > > > > > > > > > >kind regards > >m > > > > > > > > > > > > > >>From: "Bastien Koert" <[EMAIL PROTECTED]> > >>To: [EMAIL PROTECTED], php-db@lists.php.net > >>Subject: RE: [PHP-DB] MySQLPHP decrypt(password) > >>Date: Fri, 25 Feb 2005 14:04:30 -0500 > >> > >>You can't. Its an MD5 hash, not an encryption...I reset the password to a random one, and email it to the user, also flag the account to force them to change the password upon login... > >> > >>[code] > >>function mail_password() > >>{ > >> global $err_msg; > >> //get the variables from the form > >> if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){ > >> $email = $_POST['email']; > >> $mid = $_POST['lg_name']; > >> $date_cookie = $_COOKIE['last_time']; > >> }else{ > >> $err_msg = "<b>Please enter both your email address and your username. Thank you.</b>"; > >> show_form(); > >> die(); > >> }//end if > >> > >> /
RE: [PHP-DB] MySQLPHP decrypt(password)
Thank you Bastien It works fine, but i do have a problem with login. MySQL does not allowed the user to login. I did try to use sending email without using the change_password(), but it is sending different password each time: 1. Why is it sending different password for one user? 2. How could I get a user password without changing a user password? kind regards m >From: "Bastien Koert" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED], php-db@lists.php.net >Subject: RE: [PHP-DB] MySQLPHP decrypt(password) >Date: Fri, 25 Feb 2005 14:04:30 -0500 > >You can't. Its an MD5 hash, not an encryption...I reset the password to a random one, and email it to the user, also flag the account to force them to change the password upon login... > >[code] >function mail_password() >{ > global $err_msg; > //get the variables from the form > if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){ > $email = $_POST['email']; > $mid = $_POST['lg_name']; > $date_cookie = $_COOKIE['last_time']; > }else{ > $err_msg = "<b>Please enter both your email address and your username. Thank you.</b>"; > show_form(); > die(); > }//end if > > //create the sql and run the query > $sql = "SELECT * FROM users WHERE user_email='$email' and user_name = '$mid'"; > > $result = connect($sql); > > //check the query results > if (mysql_num_rows($result)!=1){ > $err_msg = "<font color=red>No results found. Please re-enter your username and email address to try again.</font>"; > show_form(); > > }else{ > > $row = mysql_fetch_array($result); > $email2 = $row['cust_email']; > $pass = $row['cust_pw']; > > //call the change password function and pass it the information related to the record to create the temp password > $new_pass = change_password($mid, $pass); > > $sendto = $email2; > $from = "WebMaster <[EMAIL PROTECTED]>"; > $subject = "Forgotten Password"; > $message = "Dear $email2, > > Your password is $new_pass. > > Regards, > Webmaster"; > echo $message; > > $headers = "MIME-Version: 1.0\n"; > $headers .= "Content-type: text/plain; charset=iso-8859-1\n"; > $headers .= "X-Priority: 3\n"; > $headers .= "X-MSMail-Priority: Normal\n"; > $headers .= "X-Mailer: php\n"; > $headers .= "From: \"".$from."\" <".$from.">\n"; > > if (!mail($sendto, $subject, $message, $headers)){ > echo "Mail failed to send"; > }else{ > header("location:confirm1.htm"); > }//end if > }//end if >}//end function > >//--- >// change password function >//--- >function change_password($id, $password) >{ > //generate a random password > $pass = ""; > $salt = "abchefghjkmnpqrstuvwxyz0123456789"; > srand((double)microtime()*100); > $i = 0; > while ($i <= 7) { > $num = rand() % 33; > $tmp = substr($salt, $num, 1); > $pass = $pass . $tmp; > $i++; > } > //change the password in the db > $sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where cust_lg = '$id' and cust_pw = '$password'"; > $result = connect($sql); > if ($result){ > return $pass; > }else{ > change_password($id, $password); > } >}//end function >[/code] > > >bastien > > > > >From: "moses Woldeselassie" <[EMAIL PROTECTED]> > >To: php-db@lists.php.net > >Subject: [PHP-DB] MySQLPHP decrypt(password) > >Date: Fri, 25 Feb 2005 10:20:55 + > > > >hi all > > > >I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password? > > > > > >kind regards > >m > > > >-- > >PHP Database Mailing List (http://www.php.net/) > >To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] MySQLPHP decrypt(password)
On Fri, 2005-02-25 at 10:20 +, moses Woldeselassie wrote: >hi all > >I am using password() to crypt a user password online. but how do i decrypt >a user password, when user forgot his/her password? > > >kind regards >m > You don't. You make them reset their password. -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting & Development * --- Now hosting Ruby on Rails Apps --- / -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] MySQLPHP decrypt(password)
You can't. Its an MD5 hash, not an encryption...I reset the password to a random one, and email it to the user, also flag the account to force them to change the password upon login... [code] function mail_password() { global $err_msg; //get the variables from the form if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){ $email = $_POST['email']; $mid = $_POST['lg_name']; $date_cookie = $_COOKIE['last_time']; }else{ $err_msg = "Please enter both your email address and your username. Thank you."; show_form(); die(); }//end if //create the sql and run the query $sql = "SELECT * FROM users WHERE user_email='$email' and user_name = '$mid'"; $result = connect($sql); //check the query results if (mysql_num_rows($result)!=1){ $err_msg = "No results found. Please re-enter your username and email address to try again."; show_form(); }else{ $row = mysql_fetch_array($result); $email2 = $row['cust_email']; $pass = $row['cust_pw']; //call the change password function and pass it the information related to the record to create the temp password $new_pass = change_password($mid, $pass); $sendto = $email2; $from = "WebMaster <[EMAIL PROTECTED]>"; $subject= "Forgotten Password"; $message= "Dear $email2, Your password is $new_pass. Regards, Webmaster"; echo $message; $headers = "MIME-Version: 1.0\n"; $headers .= "Content-type: text/plain; charset=iso-8859-1\n"; $headers .= "X-Priority: 3\n"; $headers .= "X-MSMail-Priority: Normal\n"; $headers .= "X-Mailer: php\n"; $headers .= "From: \"".$from."\" <".$from.">\n"; if (!mail($sendto, $subject, $message, $headers)){ echo "Mail failed to send"; }else{ header("location:confirm1.htm"); }//end if }//end if }//end function //--- // change password function //--- function change_password($id, $password) { //generate a random password $pass = ""; $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*100); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } //change the password in the db $sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where cust_lg = '$id' and cust_pw = '$password'"; $result = connect($sql); if ($result){ return $pass; }else{ change_password($id, $password); } }//end function [/code] bastien From: "moses Woldeselassie" <[EMAIL PROTECTED]> To: php-db@lists.php.net Subject: [PHP-DB] MySQLPHP decrypt(password) Date: Fri, 25 Feb 2005 10:20:55 + hi all I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password? kind regards m -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] MySQLPHP decrypt(password)
moses Woldeselassie wrote: hi all I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password? kind regards m You don't - that's the point. You have to provide them with a way to reset their password, based on some other method of authentication. Traditionally this is done with mailing a user a password reset link, and having that link only available for a short period of time. Cheers, -- - Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php