[RESOLVED] De-Encryption Help

Shaped

Hi all,

I found these functions on php.et a long time ago and decided to use them in my login-register scripts on my site.

function pw_encode($password)
{
   for ($i = 1; $i <= 8; $i++)
   $seed .= substr('0123456789abcdef', rand(0,15), 1);
   return md5($seed.$password).$seed;
}
function pw_check($password,$stored_value)
{
   $stored_seed = substr($stored_value,32,8);
   if (md5($stored_seed.$password).$stored_seed == $stored_value)
     return TRUE;
   else
     return FALSE;
}

now this works ok, when someone registers there p/w is encrypted and stored in the database,

What i need to do now is make a password retreival function and im not sure how to.
How can i make a password retreival function. A few on my site have lost thier p/w and i carnt help them as its encrypted.

Norman_Graham

Hi Shaped

I could well be wrong about this, but I understand md5 to be a one-way street. The whole point is that there is no simple method for decrypting the hash. That's what makes it secure. I believe md5-hashes can be cracked, although not without persistent effort.

Why don't you do what many, and perhaps even most, websites with a log-in do? If a user loses their password, then the webmaster replaces it with a new, randomly chosen one and mails it to the user's specified mail account. The user is then encouraged to log in with the new password and change it a password of their choice ASAP.

HTH

Norman

Shaped

yes buddy i think ill have to then, prob the best way to do it.

Thanks for reply.