SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unscramble Password to Display

    I have a "Forgot Password" script where you enter in your email and it querys the database and emails the password to the email address. My problem is that it is returning "Resource id #3" as the password to the user from the query. I used password('$passwd') to scramble the password when it was first regestered to the databse; how can I display the password to the user unscrambled???

    Here is the guts to the 'Forgot Password' script:
    PHP Code:
    $username1="XxXxXx";
    $password1="XxXxXx";
    $database="onestop_bookmarks";

    mysql_connect(localhost,$username1,$password1);
    @
    mysql_select_db($database) or die( "Unable to select database");
    $query="SELECT passwd FROM user WHERE email='$email1'";
    $passwd=mysql_query($query);

    mail"$email1""Your account password""One Stop Auctin Shop Info - Username: $username - Password: $passwd - http://onestopauctionshop.com""From: One Stop Auction Shop");

    print(
    "<center>Your password has been sent to $email1. <meta http-equiv=\"Refresh\" content=\"2; URL=index.php\"/></center>"); 
    When I test with my email address, it returns "Resource id #3" as the password instead of the correct password. In the database the password is stored as "46d0181f15735ae3". How can I display the password from the database unscrambled?

  2. #2
    SitePoint Wizard mark_W's Avatar
    Join Date
    Mar 2004
    Location
    West Midlands, United Kingdom
    Posts
    2,631
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try :

    PHP Code:

    $username1
    ="XxXxXx"
    $password1="XxXxXx"
    $database="onestop_bookmarks"

    mysql_connect(localhost,$username1,$password1); 
    @
    mysql_select_db($database) or die( "Unable to select database"); 
    $query="SELECT passwd FROM user WHERE email='$email1'"
    $result=mysql_query($query); 
    while (
    $row mysql_fetch_array($result)) {
    $passwd $row['passwd'];

    Im not sure its the best way but it should work!

  3. #3
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, we are close... now it is displaying the scrambled password "46d0181f15735ae3" instead of "Resource id #3".

    Any clue on how to get "46d0181f15735ae3" unscrambled?

  4. #4
    SitePoint Wizard mark_W's Avatar
    Join Date
    Mar 2004
    Location
    West Midlands, United Kingdom
    Posts
    2,631
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think you had to Md5 the $passwd variable!

  5. #5
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ...

    Quote Originally Posted by mark_W
    I think you had to Md5 the $passwd variable!
    You mean when the user/pass was originally created it was encryped? If so i dont think so...

    Heres the registration code that writes the password to the db
    PHP Code:
    $sql "insert into user values ('$username', password('$passwd'),  '$email', '$first', '$last', '$phone', '$address', '$city', '$state', '$zip')"

    or do you mean when I display the password I have to write something like md5($passwd) to decrypt the password? Im sure that I did not use md5, as you can see from the above registration code that I posted.

    Hmmm......


    Regards,
    Kevin

  6. #6
    SitePoint Wizard mark_W's Avatar
    Join Date
    Mar 2004
    Location
    West Midlands, United Kingdom
    Posts
    2,631
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ahhh....sorry, it was encrypted using password('$passwd'), I think you can decrypt it using the same password('$passwd');

    Mark

  7. #7
    SitePoint Enthusiast mrobinson's Avatar
    Join Date
    Aug 2004
    Location
    New York, NY, USA
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You are using MySQL's own internal password function to encrypt the password. This is a one-way encryption process, and you can't simply decrypt it to display it.

    You could reset the password (generate a random password) when a request is made, and send this new password to the user instead?

  8. #8
    SitePoint Enthusiast mrobinson's Avatar
    Join Date
    Aug 2004
    Location
    New York, NY, USA
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I just looked up the password function in the MySQL manual to check, and this is what it has to say.

    PASSWORD(str)
    Calculates and returns a password string from the plaintext password str, or NULL if the argument was NULL. This is the function that is used for encrypting MySQL passwords for storage in the Password column of the user grant table.

    mysql> SELECT PASSWORD('badpwd'); -> '7f84554057dd964b'

    PASSWORD() encryption is one-way (not reversible). PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT().

    Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your application.
    MySQL Encryption Functions

    I hope this helps

  9. #9
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for all your help mark and robinson! I will do a password reset.

    Thanks!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •