[PHP] Trying to e-mail password
I am trying to have a form that send a user their email and password to login. I am using the following: while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password(password)']; When I use the mail() function to send both $email and $password I receive an e-mail with a blank password. What am I doing wrong. Please help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
At 01:09 13.11.2002, Ben C. said: [snip] I am trying to have a form that send a user their email and password to login. I am using the following: while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password(password)']; When I use the mail() function to send both $email and $password I receive an e-mail with a blank password. What am I doing wrong. Please help! [snip] I assume that the column holding the password is simnply named 'password', not 'password(password)'. while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password']; -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
You should do like this: $password = $row['password']; This return weird crypted value of your password. Unless you want send the this weird password. The function mysql_password is irreversible, you cannot get back the value crypted by password. Use ENCODE and DECODE instead, - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 11:09 AM Subject: [PHP] Trying to e-mail password I am trying to have a form that send a user their email and password to login. I am using the following: while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password(password)']; When I use the mail() function to send both $email and $password I receive an e-mail with a blank password. What am I doing wrong. Please help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
Is there not any way to reverse the crypted password before e-mailing?? If not, how do I use ENCODE / DECODE? From: rija [EMAIL PROTECTED] Date: 2002/11/12 Tue PM 07:32:28 EST To: php [EMAIL PROTECTED], Ben C. [EMAIL PROTECTED] Subject: Re: [PHP] Trying to e-mail password You should do like this: $password = $row['password']; This return weird crypted value of your password. Unless you want send the this weird password. The function mysql_password is irreversible, you cannot get back the value crypted by password. Use ENCODE and DECODE instead, - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 11:09 AM Subject: [PHP] Trying to e-mail password I am trying to have a form that send a user their email and password to login. I am using the following: while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password(password)']; When I use the mail() function to send both $email and $password I receive an e-mail with a blank password. What am I doing wrong. Please help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Trying to e-mail password
If the password is md5, then no - you can't reverse it because md5 is a one way hash. If you want to have bi-direction encryption/decryption, look into using mcrypt. - just not on windows... Because it will make you want to kill yourself. http://www.php.net/mcrypt -Original Message- From: Ben C. [mailto:benc;cox.net] Sent: Tuesday, November 12, 2002 5:08 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Trying to e-mail password Is there not any way to reverse the crypted password before e-mailing?? If not, how do I use ENCODE / DECODE? From: rija [EMAIL PROTECTED] Date: 2002/11/12 Tue PM 07:32:28 EST To: php [EMAIL PROTECTED], Ben C. [EMAIL PROTECTED] Subject: Re: [PHP] Trying to e-mail password You should do like this: $password = $row['password']; This return weird crypted value of your password. Unless you want send the this weird password. The function mysql_password is irreversible, you cannot get back the value crypted by password. Use ENCODE and DECODE instead, - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 11:09 AM Subject: [PHP] Trying to e-mail password I am trying to have a form that send a user their email and password to login. I am using the following: while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password(password)']; When I use the mail() function to send both $email and $password I receive an e-mail with a blank password. What am I doing wrong. Please help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php --- Outgoing mail is certified Virus Free. Can McAfee do that? - Hell NO! Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.408 / Virus Database: 230 - Release Date: 10/24/2002 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
ENCODE(value, 'secret code') DECODE(field name, 'secret code') to record ... VALUES ( ... blahblah, ENCODE('$passord', 'secret code', ... BLAH BHAL) ; and to read the value do like this MYSQL_QUERY(SELECT DECODE(password, 'secret code') as password, id, BLAH BLAH - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 12:07 PM Subject: Re: [PHP] Trying to e-mail password Is there not any way to reverse the crypted password before e-mailing?? If not, how do I use ENCODE / DECODE? From: rija [EMAIL PROTECTED] Date: 2002/11/12 Tue PM 07:32:28 EST To: php [EMAIL PROTECTED], Ben C. [EMAIL PROTECTED] Subject: Re: [PHP] Trying to e-mail password You should do like this: $password = $row['password']; This return weird crypted value of your password. Unless you want send the this weird password. The function mysql_password is irreversible, you cannot get back the value crypted by password. Use ENCODE and DECODE instead, - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 11:09 AM Subject: [PHP] Trying to e-mail password I am trying to have a form that send a user their email and password to login. I am using the following: while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password(password)']; When I use the mail() function to send both $email and $password I receive an e-mail with a blank password. What am I doing wrong. Please help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Trying to e-mail password
If you want an email password feature, then just store it as plain text. If someone is able to get access to your database, that means they more than likely have access to the rest of your box, so your 'secret code' is worthless. ---John Holmes... -Original Message- From: rija [mailto:rija;vatu.com] Sent: Tuesday, November 12, 2002 9:37 PM To: php; Ben C. Subject: Re: [PHP] Trying to e-mail password ENCODE(value, 'secret code') DECODE(field name, 'secret code') to record ... VALUES ( ... blahblah, ENCODE('$passord', 'secret code', ... BLAH BHAL) ; and to read the value do like this MYSQL_QUERY(SELECT DECODE(password, 'secret code') as password, id, BLAH BLAH - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 12:07 PM Subject: Re: [PHP] Trying to e-mail password Is there not any way to reverse the crypted password before e-mailing?? If not, how do I use ENCODE / DECODE? From: rija [EMAIL PROTECTED] Date: 2002/11/12 Tue PM 07:32:28 EST To: php [EMAIL PROTECTED], Ben C. [EMAIL PROTECTED] Subject: Re: [PHP] Trying to e-mail password You should do like this: $password = $row['password']; This return weird crypted value of your password. Unless you want send the this weird password. The function mysql_password is irreversible, you cannot get back the value crypted by password. Use ENCODE and DECODE instead, - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 11:09 AM Subject: [PHP] Trying to e-mail password I am trying to have a form that send a user their email and password to login. I am using the following: while ($row = mysql_fetch_array($result)) { $email = $row['email']; $password = $row['password(password)']; When I use the mail() function to send both $email and $password I receive an e-mail with a blank password. What am I doing wrong. Please help! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
I don't think so, data stored as plain text is almost stored intact in the file system. Using stupid windows for example, you can easily open mysql file table.MYD in the folder database with NotePad, and you can read everything. Which means, everybody without any hacking knowledge can access to user's password and mailbox stored in your site, since he had access to the system folder. And if you have rented server it is recommanded to crypt strategic data. - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: [EMAIL PROTECTED]; 'php' [EMAIL PROTECTED]; 'Ben C.' [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 2:05 PM Subject: RE: [PHP] Trying to e-mail password If you want an email password feature, then just store it as plain text. If someone is able to get access to your database, that means they more than likely have access to the rest of your box, so your 'secret code' is worthless. ---John Holmes... -Original Message- From: rija [mailto:rija;vatu.com] Sent: Tuesday, November 12, 2002 9:37 PM To: php; Ben C. Subject: Re: [PHP] Trying to e-mail password ENCODE(value, 'secret code') DECODE(field name, 'secret code') to record ... VALUES ( ... blahblah, ENCODE('$passord', 'secret code', ... BLAH BHAL) ; and to read the value do like this MYSQL_QUERY(SELECT DECODE(password, 'secret code') as password, id, BLAH BLAH - Original Message - From: Ben C. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 12:07 PM Subject: Re: [PHP] Trying to e-mail password Is there not any way to reverse the crypted password before e-mailing?? If not, how do I use ENCODE / DECODE? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Trying to e-mail password
I don't think so, data stored as plain text is almost stored intact in the file system. Using stupid windows for example, you can easily open mysql file table.MYD in the folder database with NotePad, and you can read everything. Which means, everybody without any hacking knowledge can access to user's password and mailbox stored in your site, since he had access to the system folder. And if you have rented server it is recommanded to crypt strategic data. Okay, so why are you giving users read access to the mysql data folder? They can also open up your .php file and find your secret code. It won't hurt anything to encode it in the database, but just don't get this overwhelming sense of security and think everything is safe. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
Okay, so why are you giving users read access to the mysql data folder? They can also open up your .php file and find your secret code. I think, it is good discussion, so I try to go deeper to it, because we need improve security. And I hope another people to join this. Since I don't have my own server, I have to buy external hosting service maybe in Costa Rica or in Panama or in South Africa, so I don't know who are going to administrate my site first? Whoelse can have access to the system. I don't know how safe is it? I just bought it because it was cheap, or simply it was in my way. And suppose some hacker is entered to the server, because he would like hack the server not my user's mailbox. Surprise, he found plenty of address email with its password. Really cool Using ENCODE and DECODE with protected 'secret code' help you to improve your security and user's security. And you don't lost anything doing this, on the contrary, it is a good marketing arguments, like as your system (site) is more safe than other and user could fell in. It won't hurt anything to encode it in the database, but just don't get this overwhelming sense of security and think everything is safe. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Trying to e-mail password
Using ENCODE and DECODE with protected 'secret code' help you to improve your security and user's security. And you don't lost anything doing this, on the contrary, it is a good marketing arguments, like as your system (site) is more safe than other and user could fell in. And where do you plan on storing this 'secret code' that your dynamic PHP script have to have access to in order to add users and send forgotten email messages?? If you have something to protect, then you should have your own server or get it with someone you can trust. If the hacker can see your mysql data, they can see the source of your PHP scripts, and nothing is hidden anymore. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
John W. Holmes [EMAIL PROTECTED] wrote: ...[snip]... And where do you plan on storing this 'secret code' that your dynamic PHP script have to have access to in order to add users and send forgotten email messages?? If you have something to protect, then you should have your own server or get it with someone you can trust. If the hacker can see your mysql data, they can see the source of your PHP scripts, and nothing is hidden anymore. Unless you encode your PHP scripts ;) ...with Zend Encoder, perhaps? I agree. You really need to have your own server, within your own premises, (physically) accessible only by your own self if you're really thinking about making your scripts/db/site secure. I am not against encoding/decoding passwords in the db. In fact, I'd even say that it's a good idea to encode names, tel nos., e-mail addresses, etc. But what beats me is this: This thread is about e-mailing passwords. If you're thinking about security why would you send your user's password? Beats me. (Unless of course you're using some kind of digital signature, etc. and encoding you're e-mails as well...) Just mho, - E -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Trying to e-mail password
I was setting up a news site that is customized for the registered user. I wanted that user to have the ability to be able to click a button and have the password e-mailed to him. The password function that I used is password(password) through mysql. Do you know how I can get the encrypted string to translate to the password to be emailed? -Original Message- From: @ Edwin [mailto:copperwalls;hotmail.com] Sent: Tuesday, November 12, 2002 10:45 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Trying to e-mail password John W. Holmes [EMAIL PROTECTED] wrote: ...[snip]... And where do you plan on storing this 'secret code' that your dynamic PHP script have to have access to in order to add users and send forgotten email messages?? If you have something to protect, then you should have your own server or get it with someone you can trust. If the hacker can see your mysql data, they can see the source of your PHP scripts, and nothing is hidden anymore. Unless you encode your PHP scripts ;) ...with Zend Encoder, perhaps? I agree. You really need to have your own server, within your own premises, (physically) accessible only by your own self if you're really thinking about making your scripts/db/site secure. I am not against encoding/decoding passwords in the db. In fact, I'd even say that it's a good idea to encode names, tel nos., e-mail addresses, etc. But what beats me is this: This thread is about e-mailing passwords. If you're thinking about security why would you send your user's password? Beats me. (Unless of course you're using some kind of digital signature, etc. and encoding you're e-mails as well...) Just mho, - E -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to e-mail password
Ben C. [EMAIL PROTECTED] wrote: I was setting up a news site that is customized for the registered user. I wanted that user to have the ability to be able to click a button and have the password e-mailed to him. The password function that I used is password(password) through mysql. Do you know how I can get the encrypted string to translate to the password to be emailed? I didn't really read the whole thread and I'm not sure if somebody already told you about decode(). I think that'll do the trick. If not, sorry I can't be of much help. But Google can help you: (Try: mysql decode password as your keyword.) http://www.google.com/search?hl=enie=UTF-8oe=UTF-8q=mysql+decode+password - E -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php