"Ben C." <[EMAIL PROTECTED]> wrote:
> I was setting up a news site that is customized for the registered user.
I
> wanted that user to have the ability to be able to click a button and have
> the password e-mailed to him. The password function that I used is
> password(password) through mysql.
string to translate to the password to be emailed?
-Original Message-
From: @ Edwin [mailto:copperwalls@;hotmail.com]
Sent: Tuesday, November 12, 2002 10:45 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Trying to e-mail password
"John W. H
"John W. Holmes" <[EMAIL PROTECTED]> wrote:
>
...[snip]...
> And where do you plan on storing this 'secret code' that your dynamic
> PHP script have to have access to in order to add users and send
> forgotten email messages??
>
> If you have something to protect, then you should have your own
> Using ENCODE and DECODE with protected 'secret code' help you to
improve
> your security and user's security. And you don't lost anything doing
this,
> on the contrary, it is a good marketing arguments, like as your system
> (site) is more safe than other and user could fell in.
And where do you
>
> Okay, so why are you giving users read access to the mysql data folder?
> They can also open up your .php file and find your "secret code."
I think, it is good discussion, so I try to go deeper to it, because we need
improve security. And I hope another people to join this.
Since I don't hav
> I don't think so,
> data stored as plain text is almost stored intact in the file system.
>
> Using stupid windows for example,
> you can easily open mysql file "table.MYD" in the folder database with
> NotePad, and you can read everything. Which means, everybody without
any
> hacking knowledge
D]>; "'php'" <[EMAIL PROTECTED]>; "'Ben C.'"
<[EMAIL PROTECTED]>
Sent: Wednesday, November 13, 2002 2:05 PM
Subject: RE: [PHP] Trying to e-mail password
> If you want an email password feature, then just store it as plain text.
> If s
> From: rija [mailto:rija@;vatu.com]
> Sent: Tuesday, November 12, 2002 9:37 PM
> To: php; Ben C.
> Subject: Re: [PHP] Trying to e-mail password
>
> ENCODE(value, 'secret code')
> DECODE(field name, 'secret code')
>
> to record
> " ... VALU
t code') as password, id, BLAH
BLAH
- Original Message -
From: "Ben C." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 13, 2002 12:07 PM
Subject: Re: [PHP] Trying to e-mail password
> Is there not any way to reverse the crypted pas
ssage-
From: Ben C. [mailto:benc@;cox.net]
Sent: Tuesday, November 12, 2002 5:08 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Trying to e-mail password
Is there not any way to reverse the crypted password before e-mailing??
If not, how do I use ENCODE / DECODE?
>
> From: "rija&qu
Is there not any way to reverse the crypted password before e-mailing??
If not, how do I use ENCODE / DECODE?
>
> From: "rija" <[EMAIL PROTECTED]>
> Date: 2002/11/12 Tue PM 07:32:28 EST
> To: "php" <[EMAIL PROTECTED]>,
> "Ben C.&q
You should do like this:
$password = $row['password'];
This return weird crypted value of your password.
Unless you want send the this weird password. The function mysql_password is
irreversible, you cannot get back the value crypted by password. Use ENCODE
and DECODE instead,
- Original M
At 01:09 13.11.2002, Ben C. said:
[snip]
>I am trying to have a form that send a user their email and password to
>login. I am using the following:
>
>while ($row = mysql_fetch_array($result)) {
> $email = $row['email'];
> $passw
13 matches
Mail list logo
