password()

Anon

I am having a problem with password();. I put users that signup to my site passwords in a database using password('$password') but when I want to take the passwords from a database to email them to the user in the case that they forget their password it emails them the encrypted password. How can I change this? I don't want to not use password() and I dont want to use md5..

kparker

Just Say No. Emailing the old password requires the password to be encrypted (rather than hashed as with password() or md5()). Instead, just make up a new random password and send it to them. If you're cautious, you will also add a few other checks to make denial-of-service attacks at least a little bit hard.

Anon

Hi,
There is NO WAY you can get the decrypted password which has been encrypted using PASSWORD() function.If you want to store the password encrypted and get the decrypted value you need to use ENCODE() and DECODE() functions of MySQL see MySQL doc for details.

Cheers
Ajay