Hi,
I have a password field that is inserted into my database with...

$sql="INSERT INTO table(user_name,password,email,address1) ".
"VALUES ('$user_name','". md5($password1) ."','$email','$address1')"; // $address1 is assumed: the column was listed without a matching value

The password is encrypted with MD5 then entered into the database. I want to have a forgotten password function, so you enter the username, and it e-mails the password to you. But just using "select password,email where username='$username'" will only send the password encrypted. Is there any way of decrypting it first, then sending it?
Cheers
/v00d00

    md5 is a one-way form of encryption... it's somewhat of a hash function... So, sorry.. there is no way to do a forgotten password element to your site... best suggestion would be to change the password to something new and email the user that new password.

      OK cheers! I'll try that for now.
      What would be the best way to store a password? If MD5 is one-way, is there another way that can be decrypted and sent via e-mail?
      Cheers
      Ben

        Sure, you could install the mcrypt module, but why would you want to? Emailing someone an old password is a fairly bad idea: make up a one-time password and send that, and while you're at it, give them a narrow time window for that temporary password to be viable. I've even gone so far as to require the subsequent connection to be from the same IP. None of this is perfect protection, but every little bit helps.

          Anything that can be decrypted isn't very good. If someone does get into your database, all they will have to do is decrypt them. Granted, it is a little better than storing them in plain-text though.

            Agreed. Using MD5 and then emailing a new password when needed is the best way.

            Requiring the same IP is a bit harsh though, doesn't bode well for those on dial up.

            -- Nick Gushlow

              Requiring the same IP is a bit harsh
              though, doesn't bode well for those on
              dial up.

              Realistically, if they can't receive the new ID in a few-minute time frame, something else bad is going on. The worst that happens is they have to try again later.

                Oh I'm with you now. That makes sense and is pretty fair. I thought you meant the same IP as when they last successfully logged in. Which would have been a bugger if you hadn't logged in for a few days and then forgot your password. 🙂

                -- Nick Gushlow
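
The reset flow suggested in the replies above (a one-time value, a narrow time window, redemption from the same IP as the request), as an added example that is not code from any poster in this thread. The function names, `RESET_TTL`, the 10-minute window and the in-memory array standing in for a database table are all assumptions.

```php
<?php
// Added example: in-memory stand-in for a password_resets table (constructed).
$resets = [];

const RESET_TTL = 600; // assumed validity window: 10 minutes, in seconds

// Create a one-time token for $userName. Only its SHA-256 digest is stored,
// so a leaked table does not contain usable tokens.
function issue_reset(array &$resets, string $userName, string $ip, int $now): string
{
    $token = bin2hex(random_bytes(16)); // 128-bit random value to e-mail
    $resets[$userName] = [
        'token_hash' => hash('sha256', $token),
        'expires'    => $now + RESET_TTL,
        'ip'         => $ip,
    ];
    return $token;
}

// Accept the token once, inside the window, from the requesting IP.
function redeem_reset(array &$resets, string $userName, string $token, string $ip, int $now): bool
{
    if (!isset($resets[$userName])) {
        return false;
    }
    $row = $resets[$userName];
    $ok = hash_equals($row['token_hash'], hash('sha256', $token)) // constant-time compare
        && $now <= $row['expires']
        && $ip === $row['ip'];
    if ($ok) {
        unset($resets[$userName]); // single use: burn the token on success
    }
    return $ok;
}

// Constructed walk-through (user name and addresses are sample values).
$t0    = 1700000000;
$token = issue_reset($resets, 'alice', '192.0.2.10', $t0);

var_dump(redeem_reset($resets, 'alice', $token, '198.51.100.7', $t0 + 60)); // different IP
var_dump(redeem_reset($resets, 'alice', $token, '192.0.2.10', $t0 + 60));   // in window, same IP
var_dump(redeem_reset($resets, 'alice', $token, '192.0.2.10', $t0 + 120));  // second use
$late = issue_reset($resets, 'alice', '192.0.2.10', $t0);
var_dump(redeem_reset($resets, 'alice', $late, '192.0.2.10', $t0 + 601));   // past the window
```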

                  9 months later

                  hi,
                  we are building a site for software protection. For that we generated a CDkey for ServerIP and product. Now we would like to retrieve the ServerIP based on the CDkey. That is the reverse of the first one. So for this task, is there any reverse algorithm (I mean reverse MD5)?
                  Hope you will guide us in this issue. Please send the required information.
                  regards
                  vaddi

                    3 months later

                    Yes it has. I heard about it. It's not simple but exists. Search, I hope you find it.
