Ok I've set it up so when users create an account the database stores their information and it encrypts their password in md5. I have a password retrieval function that sends a users username and password in an email to the email address on file. Now the problem is that the password is encrypted in md5, so how can I decrypt it to show the user what their password is? Or do I just have to make the script reset their password to something else and then give the user that new password?

    aspekt9 wrote:

    Or do I just have to make the script reset their password to something else and then give the user that new password?

    Yes. (MD5 is a hashing algorithm, a.k.a. "one-way encryption".)

      aspekt9 wrote:

      Ok I've set it up so when users create an account the database stores their information and it encrypts their password in md5. I have a password retrieval function that sends a users username and password in an email to the email address on file. Now the problem is that the password is encrypted in md5, so how can I decrypt it to show the user what their password is? Or do I just have to make the script reset their password to something else and then give the user that new password?

      During your password retrieval function create a random password, md5 it to your database but send it plain to the user.

      mt_srand((double)microtime() * 1000000);
$charlist = "qwertyuiopasdfghjklzxcvbnm1234567890";
$newpass = '';
$max = strlen($charlist) - 1;
for ($i = 0; $i < 10; $i++) {
    $randnum = mt_rand(0, $max);
    $newpass .= $charlist{$randnum};
}

      That might help

        Yeah, thats what I ended up doing, it works great now. Thanks guys.

          Write a Reply...