RE: MySQLPHP decrypt(password)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

thank you.

I do have login and registration script, which work fine. the problem is with new password.

I am using password() to registrate a user. I did change in the change_password()
md5() into password(), it changes the user password. I coud easliy see it in mysql db.

but a user could not login using the new password.
do i have to change the password() into md5() in the registration php script?

1. is it anyway i could get the password without changing a user password from mysql.

kind regards
m

>From: "Bastien Koert" <bastien_k@xxxxxxxxxxx>
>To: mmoses@xxxxxxxxxxx
>Subject: RE: MySQLPHP decrypt(password)
>Date: Mon, 28 Feb 2005 09:31:20 -0500
>
>There needs to be a separate login page...The previous page was simply to change the password...
>
>here is my login function...
>
>//---------------------------------------------------------------------------------------
>// login function
>//---------------------------------------------------------------------------------------
>function login()
>{
> global $err_msg;
> $errors = array();
>
> if ((empty ($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){
> $errors[] = "<font color=red>You didn't enter a correct login name.</font>";}
> if ((empty ($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){
> $errors[] = "<font color=red>You didn't enter a password.</font>";}
>
> if (count($errors) > 0) {
>
> for ($i = 0; $i < $nerrors; $i++){
> $err_msg .= $errors[$i]."<br />";
> }
> show_form();
> exit();
> }//end if
>
> $lg_name = $_POST['lg_name'];
> $lg_pw = $_POST['lg_pw'];
>
> $new_select = "select cust_lg, cust_pw, temp_pass from cust_info where cust_lg = '$lg_name' and cust_pw = '$lg_pw'";
> $result = connect($new_select);
> $num_result = mysql_num_rows ($result);
>
> if ($num_result == 1) {
>
> //if the temp_password value is set to 1 then have the user change the password.
> $row = mysql_fetch_array($result);
> if ($row['temp_pass']==1){
> header("location:change_pass.php");
> die();
> }//end if
>
> setcookie('last_time', date("Ymd-his"),time()+60*60*24*30,'/');
> echo "here";
> header("location:/login_unit/brokerpanel.htm");
> exit();
> }else{
> $err_msg = "<font color=red>No match found! If you have forgotten your password, please click the link at the right.</font";
> show_form();
> exit();
> }
>}//end functon
>
>?>
>
>bastien
>
> >From: "moses Woldeselassie" <mmoses@xxxxxxxxxxx>
> >To: bastien_k@xxxxxxxxxxx, php-db@xxxxxxxxxxxxx
> >Subject: RE: MySQLPHP decrypt(password)
> >Date: Mon, 28 Feb 2005 11:16:23 +0000
> >
> >Thank you Bastien
> >
> >It works fine, but i do have a problem with login. MySQL does not allowed the user to login.
> >
> >
> >I did try to use sending email without using the change_password(), but it is sending different password each time:
> >
> >1. Why is it sending different password for one user?
> >2. How could I get a user password without changing a user password?
> >
> >
> >
> >
> >kind regards
> >m
> >
> >
> >
> >
> >
> >
> >>From: "Bastien Koert" <bastien_k@xxxxxxxxxxx>
> >>To: mmoses@xxxxxxxxxxx, php-db@xxxxxxxxxxxxx
> >>Subject: RE: MySQLPHP decrypt(password)
> >>Date: Fri, 25 Feb 2005 14:04:30 -0500
> >>
> >>You can't. Its an MD5 hash, not an encryption...I reset the password to a random one, and email it to the user, also flag the account to force them to change the password upon login...
> >>
> >>[code]
> >>function mail_password()
> >>{
> >> global $err_msg;
> >> //get the variables from the form
> >> if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){
> >> $email = $_POST['email'];
> >> $mid = $_POST['lg_name'];
> >> $date_cookie = $_COOKIE['last_time'];
> >> }else{
> >> $err_msg = "<b>Please enter both your email address and your username. Thank you.</b>";
> >> show_form();
> >> die();
> >> }//end if
> >>
> >> //create the sql and run the query
> >> $sql = "SELECT * FROM users WHERE user_email='$email' and user_name = '$mid'";
> >>
> >> $result = connect($sql);
> >>
> >> //check the query results
> >> if (mysql_num_rows($result)!=1){
> >> $err_msg = "<font color=red>No results found. Please re-enter your username and email address to try again.</font>";
> >> show_form();
> >>
> >> }else{
> >>
> >> $row = mysql_fetch_array($result);
> >> $email2 = $row['cust_email'];
> >> $pass = $row['cust_pw'];
> >>
> >> //call the change password function and pass it the information related to the record to create the temp password
> >> $new_pass = change_password($mid, $pass);
> >>
> >> $sendto = $email2;
> >> $from = "WebMaster <webmaster@xxxxxxxxxxxxxxxxxxx>";
> >> $subject = "Forgotten Password";
> >> $message = "Dear $email2,
> >>
> >> Your password is $new_pass.
> >>
> >> Regards,
> >> Webmaster";
> >> echo $message;
> >>
> >> $headers = "MIME-Version: 1.0\n";
> >> $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
> >> $headers .= "X-Priority: 3\n";
> >> $headers .= "X-MSMail-Priority: Normal\n";
> >> $headers .= "X-Mailer: php\n";
> >> $headers .= "From: \"".$from."\" <".$from.">\n";
> >>
> >> if (!mail($sendto, $subject, $message, $headers)){
> >> echo "Mail failed to send";
> >> }else{
> >> header("location:confirm1.htm");
> >> }//end if
> >> }//end if
> >>}//end function
> >>
> >>//---------------------------------------------------------------------------------------
> >>// change password function
> >>//---------------------------------------------------------------------------------------
> >>function change_password($id, $password)
> >>{
> >> //generate a random password
> >> $pass = "";
> >> $salt = "abchefghjkmnpqrstuvwxyz0123456789";
> >> srand((double)microtime()*1000000);
> >> $i = 0;
> >> while ($i <= 7) {
> >> $num = rand() % 33;
> >> $tmp = substr($salt, $num, 1);
> >> $pass = $pass . $tmp;
> >> $i++;
> >> }
> >> //change the password in the db
> >> $sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where cust_lg = '$id' and cust_pw = '$password'";
> >> $result = connect($sql);
> >> if ($result){
> >> return $pass;
> >> }else{
> >> change_password($id, $password);
> >> }
> >>}//end function
> >>[/code]
> >>
> >>
> >>bastien
> >>
> >>
> >>
> >> >From: "moses Woldeselassie" <mmoses@xxxxxxxxxxx>
> >> >To: php-db@xxxxxxxxxxxxx
> >> >Subject: MySQLPHP decrypt(password)
> >> >Date: Fri, 25 Feb 2005 10:20:55 +0000
> >> >
> >> >hi all
> >> >
> >> >I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password?
> >> >
> >> >
> >> >kind regards
> >> >m
> >> >
> >> >--
> >> >PHP Database Mailing List (http://www.php.net/)
> >> >To unsubscribe, visit: http://www.php.net/unsub.php
> >> >
> >>
> >
>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]
  Powered by Linux