Password and MD$ return different values. They are not compatible. Since
both are one way encryptions, you can not retrive the orginal value
From: "moses Woldeselassie" <mmoses@xxxxxxxxxxx>
To: bastien_k@xxxxxxxxxxx, php-db@xxxxxxxxxxxxx
Subject: RE: MySQLPHP decrypt(password)
Date: Mon, 28 Feb 2005 16:44:56 +0000
thank you Bastien
I do have a login and registration php sript, which work fine. the problem
is I am using password(passwd) to registrat the user, and i did change md5
into password() but how do i get the password that a user has registrated
in the first time?
other problem:
i did try to use the sending email using the following:
select passwd from users where username=$mid and email = $email
but it doesn't work. If i put * instead of passwd it works fine.
select * from users where username=$mid and email=$email
what is the problem?
I didn't get it, a user should easliy login using the new password, which
was changed using change_password().
kind regards
m
>From: "Bastien Koert" <bastien_k@xxxxxxxxxxx>
>To: mmoses@xxxxxxxxxxx
>Subject: RE: MySQLPHP decrypt(password)
>Date: Mon, 28 Feb 2005 09:31:20 -0500
>
>There needs to be a separate login page...The previous page was simply
to change the password...
>
>here is my login function...
>
>//---------------------------------------------------------------------------------------
>// login function
>//---------------------------------------------------------------------------------------
>function login()
>{
> global $err_msg;
> $errors = array();
>
> if ((empty
($_POST['lg_name']))&&(!eregi("[[:alnum:]]",$_POST['lg_name']))){
> $errors[] = "<font color=red>You didn't enter a correct
login name.</font>";}
> if ((empty
($_POST['lg_pw']))&&(!eregi("[[:alnum:]]",$_POST['lg_pw']))){
> $errors[] = "<font color=red>You didn't enter a
password.</font>";}
>
> if (count($errors) > 0) {
>
> for ($i = 0; $i < $nerrors; $i++){
> $err_msg .= $errors[$i]."<br />";
> }
> show_form();
> exit();
> }//end if
>
> $lg_name = $_POST['lg_name'];
> $lg_pw = $_POST['lg_pw'];
>
> $new_select = "select cust_lg, cust_pw, temp_pass from cust_info
where cust_lg = '$lg_name' and cust_pw = '$lg_pw'";
> $result = connect($new_select);
> $num_result = mysql_num_rows ($result);
>
> if ($num_result == 1) {
>
> //if the temp_password value is set to 1 then have the user change
the password.
> $row = mysql_fetch_array($result);
> if ($row['temp_pass']==1){
> header("location:change_pass.php");
> die();
> }//end if
>
> setcookie('last_time',
date("Ymd-his"),time()+60*60*24*30,'/');
> echo "here";
> header("location:/login_unit/brokerpanel.htm");
> exit();
> }else{
> $err_msg = "<font color=red>No match found! If you have
forgotten your password, please click the link at the
right.</font";
> show_form();
> exit();
> }
>}//end functon
>
>?>
>
>bastien
>
> >From: "moses Woldeselassie" <mmoses@xxxxxxxxxxx>
> >To: bastien_k@xxxxxxxxxxx, php-db@xxxxxxxxxxxxx
> >Subject: RE: MySQLPHP decrypt(password)
> >Date: Mon, 28 Feb 2005 11:16:23 +0000
> >
> >Thank you Bastien
> >
> >It works fine, but i do have a problem with login. MySQL does not
allowed the user to login.
> >
> >
> >I did try to use sending email without using the
change_password(), but it is sending different password each time:
> >
> >1. Why is it sending different password for one user?
> >2. How could I get a user password without changing a user
password?
> >
> >
> >
> >
> >kind regards
> >m
> >
> >
> >
> >
> >
> >
> >&gt;From: &quot;Bastien Koert&quot;
&lt;bastien_k@xxxxxxxxxxx&gt;
> >&gt;To: mmoses@xxxxxxxxxxx, php-db@xxxxxxxxxxxxx
> >&gt;Subject: RE: MySQLPHP decrypt(password)
> >&gt;Date: Fri, 25 Feb 2005 14:04:30 -0500
> >&gt;
> >&gt;You can't. Its an MD5 hash, not an encryption...I reset
the password to a random one, and email it to the user, also flag the
account to force them to change the password upon login...
> >&gt;
> >&gt;[code]
> >&gt;function mail_password()
> >&gt;{
> >&gt; global $err_msg;
> >&gt; //get the variables from the form
> >&gt; if
((isset($_POST['email']))&amp;&amp;(isset($_POST['lg_name']))){
> >&gt; $email = $_POST['email'];
> >&gt; $mid = $_POST['lg_name'];
> >&gt; $date_cookie = $_COOKIE['last_time'];
> >&gt; }else{
> >&gt; $err_msg = &quot;&lt;b&gt;Please enter both
your email address and your username. Thank
you.&lt;/b&gt;&quot;;
> >&gt; show_form();
> >&gt; die();
> >&gt; }//end if
> >&gt;
> >&gt; //create the sql and run the query
> >&gt; $sql = &quot;SELECT * FROM users WHERE
user_email='$email' and user_name = '$mid'&quot;;
> >&gt;
> >&gt; $result = connect($sql);
> >&gt;
> >&gt; //check the query results
> >&gt; if (mysql_num_rows($result)!=1){
> >&gt; $err_msg = &quot;&lt;font color=red&gt;No
results found. Please re-enter your username and email address to try
again.&lt;/font&gt;&quot;;
> >&gt; show_form();
> >&gt;
> >&gt; }else{
> >&gt;
> >&gt; $row = mysql_fetch_array($result);
> >&gt; $email2 = $row['cust_email'];
> >&gt; $pass = $row['cust_pw'];
> >&gt;
> >&gt; //call the change password function and pass it the
information related to the record to create the temp password
> >&gt; $new_pass = change_password($mid, $pass);
> >&gt;
> >&gt; $sendto = $email2;
> >&gt; $from = &quot;WebMaster
&lt;webmaster@xxxxxxxxxxxxxxxxxxx&gt;&quot;;
> >&gt; $subject = &quot;Forgotten Password&quot;;
> >&gt; $message = &quot;Dear $email2,
> >&gt;
> >&gt; Your password is $new_pass.
> >&gt;
> >&gt; Regards,
> >&gt; Webmaster&quot;;
> >&gt; echo $message;
> >&gt;
> >&gt; $headers = &quot;MIME-Version: 1.0\n&quot;;
> >&gt; $headers .= &quot;Content-type: text/plain;
charset=iso-8859-1\n&quot;;
> >&gt; $headers .= &quot;X-Priority: 3\n&quot;;
> >&gt; $headers .= &quot;X-MSMail-Priority:
Normal\n&quot;;
> >&gt; $headers .= &quot;X-Mailer: php\n&quot;;
> >&gt; $headers .= &quot;From:
\&quot;&quot;.$from.&quot;\&quot;
&lt;&quot;.$from.&quot;&gt;\n&quot;;
> >&gt;
> >&gt; if (!mail($sendto, $subject, $message, $headers)){
> >&gt; echo &quot;Mail failed to send&quot;;
> >&gt; }else{
> >&gt; header(&quot;location:confirm1.htm&quot;);
> >&gt; }//end if
> >&gt; }//end if
> >&gt;}//end function
> >&gt;
>
>&gt;//---------------------------------------------------------------------------------------
> >&gt;// change password function
>
>&gt;//---------------------------------------------------------------------------------------
> >&gt;function change_password($id, $password)
> >&gt;{
> >&gt; //generate a random password
> >&gt; $pass = &quot;&quot;;
> >&gt; $salt =
&quot;abchefghjkmnpqrstuvwxyz0123456789&quot;;
> >&gt; srand((double)microtime()*1000000);
> >&gt; $i = 0;
> >&gt; while ($i &lt;= 7) {
> >&gt; $num = rand() % 33;
> >&gt; $tmp = substr($salt, $num, 1);
> >&gt; $pass = $pass . $tmp;
> >&gt; $i++;
> >&gt; }
> >&gt; //change the password in the db
> >&gt; $sql = &quot;update cust_info set
cust_pw ='&quot;.md5($pass).&quot;', temp_pass = 1 where cust_lg =
'$id' and cust_pw = '$password'&quot;;
> >&gt; $result = connect($sql);
> >&gt; if ($result){
> >&gt; return $pass;
> >&gt; }else{
> >&gt; change_password($id, $password);
> >&gt; }
> >&gt;}//end function
> >&gt;[/code]
> >&gt;
> >&gt;
> >&gt;bastien
> >&gt;
> >&gt;
> >&gt;
> >&gt; &gt;From: &quot;moses Woldeselassie&quot;
&lt;mmoses@xxxxxxxxxxx&gt;
> >&gt; &gt;To: php-db@xxxxxxxxxxxxx
> >&gt; &gt;Subject: MySQLPHP decrypt(password)
> >&gt; &gt;Date: Fri, 25 Feb 2005 10:20:55 +0000
> >&gt; &gt;
> >&gt; &gt;hi all
> >&gt; &gt;
> >&gt; &gt;I am using password() to crypt a user password
online. but how do i decrypt a user password, when user forgot his/her
password?
> >&gt; &gt;
> >&gt; &gt;
> >&gt; &gt;kind regards
> >&gt; &gt;m
> >&gt; &gt;
> >&gt; &gt;--
> >&gt; &gt;PHP Database Mailing List (http://www.php.net/)
> >&gt; &gt;To unsubscribe, visit:
http://www.php.net/unsub.php
> >&gt; &gt;
> >&gt;
> >
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
