Update md5 encrypted password

SoulAssassin

Hi guys
I have a add new user page, where I can select a password.

adduser.php

<?php
include("config.php");

if(isset($_POST['Submit']))
{ 
if ($_POST['username'] == "" or $_POST['user_pass'] == "" or $_POST['email'] == "") 
{

$msg3 = true;
$pass = "no"; }

$email = $_POST['email'];
if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", $email)) {
   $msg4 = true; $pass = "no"; }

if (!$pass == "no") {
$username = $_POST['username'];
$user_pass = md5($_POST[user_pass]);  //password encrypted
$brokercode = $_POST['brokercode'];
$user_level = $_POST['user_level'];
$email = $_POST['email'];
$dt = date("d-m-Y");
$gra = getenv("REMOTE_ADDR");

// CHECK FOR DUPLICATE
$result = mysql_query("Select * from login_table",$con);

while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$n++;

if ($username == $row['username']) {$_GET['userid'] = "";

header("Location: adduser.php?pass=no&msg2=true");
}
if ($email == $row['email']) {$_GET['userid'] = "";

header("Location: adduser.php?pass=no&msg2b=true");
}
}


    if(!isset($_GET['userid']))
    { 
            $result = mysql_query("Insert into login_table(username,user_pass,brokercode,email,user_level,date,user_ip) values('$username', '$user_pass', '$brokercode', '$email','$user_level','$dt','$gra')");
            $msg2 = "";
			$msg3 = ""; 
			$msg = "You are now registered &nbsp; <a href='login.php'>LOGIN HERE</a>";
			include "send.php";
    }

}}
?>
<html>
<head>
<title>ADD USER</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="50%" border="0" align="center">
  <tr> 
    <td><div align="center"> 
        <p><strong><img src="../images/logo.gif" width="270" height="30"></strong></p>
      </div></td>
  </tr>
</table>
<br>
<table width="50%" border="0" align="center">
  <tr> 
    <td><div align="center"> 
        <p><strong><a href="admin.php"><img src="../images/back.gif" border="0"></a></strong></p>
      </div></td>
  </tr>
</table>
<form name="form1" method="post" action="adduser.php">
  <h3 align="center">Add New User</h3>
  <table width="40%" border="1" align="center" cellpadding="1" cellspacing="1" bordercolor="#000000" bgcolor="3E5E89">
    <tr> 
      <td width="20%"><div align="right"><strong>User Name:</strong></div></td>
      <td width="40%"><input name="username" type="text" id="username" value="" maxlength="15"></td>
    </tr>
    <tr> 
      <td><div align="right"><strong>Password:</strong></div></td>
      <td><input name="user_pass" type="password" id="user_pass" value="" maxlength="15"></td>
    </tr>
    <tr> 
      <td><div align="right"><strong>Brokercode:</strong></div></td>
      <td><input name="brokercode" type="text" id="brokercode" value="" maxlength"25"></td>
    </tr>
    <tr> 
      <td><div align="right"><strong>Email Address:</strong></div></td>
      <td><input name="email" type="text" id="email" value="" maxlength"25"></td>
    </tr>
    <input name="user_level" type="hidden" id="user_level" value="1">
    <tr> 
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Add User"> <input type="reset" name="Submit2" value="Reset"></td>
    </tr>
  </table>
  <p class = "smallErrorText" align="center">
  <?php
   if ($msg2) {$msg = "The user name you have choosen is already in use, sorry, please choose another";}
  if ($msg2b) {$msg = "The email address you have choosen is already in use, sorry, please choose another";} 
  if ($msg3) {$msg = "Error, you must fill in all fields";}
  if ($msg4) {$msg = "Error, you must enter a valid email address";}

  echo $msg; ?>
  </p>

</form>
</body>
</html>

Now if I have a page to Update this detail, how would the Change Password field look?

$user_pass = md5($_POST[user_pass]);  //password encrypted
<input type="user_pass" name="user_pass" value="<?php echo $row['user_pass']; ?>">

Any Suggestions?

suntra

md5() is a one-way encryption, so there is absolutely noway to decrypt it !

One thing you could do is to create a new random password, "md5() it", and store it in the your DB. Then you send an email to the user with the new password and tell him/her to change it ASAP...

But you'll never be able to decrypt md5...

Also, PLEASE make sure to ALWAYS use mysql_real_escape_string() (PHP4) or mysqli_real_escape_string() (PHP5) when inserting data in a DB. Why ? Simply to prevent "bad people" from doing trouble in your db !

SoulAssassin

Thanks for your reply.
I don't realy want to decript it.
I just want to know how I can change it.
Which the user need to do in anycase if I give him a random password.

Maybe like this:

<?
$user_pass = md5($_POST[user_pass]);  //password encrypted
?>
<input type="user_pass" name="user_pass" value="">

then just Update table set user_pass='$user_pass' ?

moonbrat

If you want to update it, you need to do something like:

sql="update $table set user_pass=md5($_POST['user_pass']) where $user_email limit 1";

This is just an example...but in any case the md5() part will encrypt it for you in your database because the sql update table coding is telling it to do it.