I want to create a page that displays an encrypted password from the database.

Obviously when I try to do this it prints out the encrypted value.

I want to do the following query:

select password from user where userid = '$userid';

How do I decrypt the 'password' field??

Thanks!!

    It depends on how you are encrypting your passwords. If you are using MySQL's PASSWORD() you cannot decrypt it, well the method to do so is not published anyway.

      A good password systems stores passwords in what is called a one-way hash. i.e. you can turn the crank to go from password to hash, but you can't go back.

      So you can't do what you want to do, and that's a Good Thing (TM)

        If you forgot your password you must override it just like yahoo does when you forget pass. They never tell you the password instead they will create another.

          why do you need to decrypt the password?

            I just wanted to be able to retrieve it if it was forgotten, doesnt matter know, if simply offered the ability to change it instead

            Thanks

              Sounds like you wanna decrypt phpBB - and that is MD5 - so good-luck :p

                a year later

                I think maybe jacquesy is wanting to do the same thing I am trying to do: simply authenticate a user name and password.

                Since I am using PHPBB, I want to use the PHPBB user name and password to login to the rest of my website as well (and thus avoid making the users login once for the site and again for the forums.) I knew I would need to know how phpbb was encrypting the password in order to check what the user entered. I also assumed I woild need to decrypt it in order to check it. It seemed logical at tje time (and probably seems logical to most who are new to data security and web development.) However, after reading this thread, it's apparent that I (and jacquesy) need to encrypt the user entered password and then compare that to the database entry.

                Now, can anyone tell me if there is a key or some special technique I need to follow to encrypt the user entered password and end up with the same string that is in the phpbb users table? I have already found in the code that phpbb uses the md5 function for encryption, and I've looked it up php.net but I am new to this so any tips on using it would be appreciated.

                Thanks!

                  I succeeded in logging myself on to my website using my phpbb password.

                    You can certainly crack the password, but indeed the method for decrypting MD5's isn't published, because you simply cannot decrypt a one-way hash.

                      Write a Reply...