Printing passwords?

Anon

When a password is saved, it turns into something like "606717496665bcba" in the database. What is the code to get the original password printed? This is something I am having a very hard time finding.

Anon

Depends on the database you are using. If you are using MySQL and are putting the data in using the password() function then you can't get the original back out. MySQL's password() function uses the same 1-way algorithm that UNIX uses. Which means that once it's encrypted you can't get the original back.

Anon

Yes, I am using MySQL. If the password() function keeps you from reversing the encryption, then what else can be done (with still preserving security)?

Anon

The odds of anyone getting into your DB & also past the admin pass for mysql are very RARE if at all not too mention knowing what db's you have there.

Just make sure you have to use -u[user] -p[pass] to update any db's via command line.

Anon

If you really do need reversability, then the only real option is to install mcrypt. This is not particularly hard to do, but give a search here first for 'mcrypt' because there's one specific version of mcrypt you need to get, and the docs don't mention it, but some helpful person did here a while back.

But first, you might want to consider if you really do need to decrypt passwords.

Anon

I agree with Kirk. If someone can get into mysql to see the passwords, they can get into your scripts to see how you are decrypting. Nothing gained.

Also, if they get that far they can get any other data they're after....

I usually store passwords plain text. Where that isn't acceptable for whatever reason, I just use password() and require an email address. If they forget their password I just reset it to an md5 hash as a temp, email it to them and require them to choose a new password when they log in with the temp.

Anon

I agree with Kirk. If someone can get into mysql to see the passwords,
they can get into your scripts to see how you are decrypting.
...
I usually store passwords plain text.

Yikes! Nice as it is to have people agreeing with me, I fear you may be agreeing with something I didn't say. I would not for the world counsel him to not bother <b>en</b>crypting passwords; I was calling into question the need to <b>de</b>crypt them.

Anon

Hi,

If you only want to encrypt the passwords in your mysql database and validate users against the encrypted password there is a simple way to do it.

Just perform the query "select password('$password')"

where $password is in plain text. Asign the result to $encpassword then perfrom a query similar to

"select * from users where username='$username' and password='$encpassword'";

You don't need to decrypt the password for user authentication. Hope this helps.