« previous next »
Pages: [1]

Author Topic: md5 password recovery  (Read 555 times)

0 Members and 1 Guest are viewing this topic.

Offline RiftsTopic starter

  • Devotee
  • Posts: 612
  • Gender: Male
    • View Profile
md5 password recovery
« on: March 13, 2010, 08:00:06 PM »
hey everyone,

when you register on my site your password is stored using .md5($_POST['password']).

when using my "forgot password" link what is the code i need to email their passwords but decrypted?
« Last Edit: March 13, 2010, 08:00:37 PM by rifts »
Logged

Offline thorpe

  • Administrator
  • 'Mind Boggling!'
  • *
  • Posts: 29,255
    • View Profile
Re: md5 password recovery
« Reply #1 on: March 13, 2010, 08:02:39 PM »
You cannot decrypt an md5 hash. You will need to reset the users password with a new temporary one and send them that.
Logged

Offline jacko_162

  • Enthusiast
  • Posts: 306
  • Gender: Male
    • View Profile
    • Real-Creative.co.uk
Re: md5 password recovery
« Reply #2 on: March 13, 2010, 08:11:25 PM »
i usually just get user to enter email address, then check that against username in database, and auto generate a random password using "rand" then email the user there password.

might find the following usefull, i just finished coding that part of my script;

<?php
session_start();  // Start Session
session_register("session");
// This is displayed if all the fields are not filled in
$empty_fields_message "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables  
$email $_POST['email'];
if (!isset($_POST['email'])) {
?>




                <?php
}
elseif (empty($email)) {
    echo $empty_fields_message;
}
else {
$email=mysql_real_escape_string($email);
$status "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>"
$status"NOTOK";}

echo "<br><br>";
if($status=="OK"){  $query="SELECT email,login FROM members WHERE email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
 if ($recs == 0) {
//Redirect to denied page.
 print "<script language='Javascript'>document.location.replace('forgotenpass_denied.php');</script>";
}
function makeRandomPassword() { 
          $salt "abchefghjkmnpqrstuvwxyz0123456789"
          srand((double)microtime()*1000000);  
          $i 0
          while ($i <= 7) { 
                $num rand() % 33
                $tmp substr($salt$num1); 
                $pass $pass $tmp
                $i++; 
          } 
          return $pass
    } 
    $random_password makeRandomPassword();  
    $password md5($random_password); 
     
    $sql mysql_query("UPDATE members SET passwd='$password'  WHERE email='$email'"); 
     
    $subject "Your Password Has been reset"
    $message "Hi, we have reset your password. 
     
    Your New Password is: $random_password 
     
    http://www.yoursite.com/login
    Once logged in you can change your password 
     
    Thanks! 
    Admin 
     
    This is an automated response, DO NOT REPLY!"
     
    mail($email$subject$message"From: yoursite.com Webmaster<admin@yoursite.com>\n 
        X-Mailer: PHP/" phpversion()); 
    print "<script language='Javascript'>document.location.replace('forgotenpass_sucess.php');</script>"
 } 
 else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
}
?>


apologies for the messy code. im quite new to all this :)
« Last Edit: March 13, 2010, 08:12:49 PM by jacko_162 »
Logged
i love the phpfreaks :)

Offline RiftsTopic starter

  • Devotee
  • Posts: 612
  • Gender: Male
    • View Profile
Re: md5 password recovery
« Reply #3 on: March 14, 2010, 06:54:15 PM »
thank you guys for the help!
Logged
Pages: [1]
« previous next »