
Retrieve Password from a Mysql database


egmweb

Programmer
Mar 19, 2004
147
EU
Hello all,

I'm making a system to retrieve the customers' passwords, but they are stored with the password function, and when I send the email to the customers it retrieves the encrypted password and not the one entered before.

How can I extract the normal password again?

Here is my little script:
...
//extract email address and password
$query = "select email,passwd from i_users where email='$mailpass' AND username='$mailuser'";
$result = mysql_query($query, $db_conn) or die('query failed');
$row = mysql_fetch_assoc($result);

Thank you
 
You can't really. If you could decrypt it easily then it would be easy to "hack".

You need to get the user to enter their password then compare the encrypted version of what they entered to what is stored in the database.

 
What you do:
Make your script generate a random password. Also store this password in the field "genpass_pass" or whatever you wish to call it.

Then, make your script email a "change password" link to the user. This mail should also contain the genpass_pass.

This link would be something like:
yourdomain.com/support/renew_password.php?id=userid

When the user hits that page, he needs to input the generated password that your script generated.

If the user can then "log in" with the genpass_pass and his username, his password is reset to a random password.

Then he gets a mail with the password (not the encrypted value!).

You might also want to require some kind of "password hint", with correct answer.


Olav Alexander Mjelde
Admin & Webmaster
 
Thanks, but if the user enters his password, it will be encrypted with the password function and I could not decrypt it.

Here is my script to store the data:

etc...
$query = "INSERT INTO i_users (id,username,passwd,email)
VALUES ('','$_POST[username]',password('$_POST[password]'),'$_POST')";
$result = mysql_query($query, $db_conn) or die('query failed'.mysql_error());
etc...

The fact is that I need to retrieve the password for the users like a "forgot password?" option, then I could send their password and my user will enter the system again.

Thank you
 
Thank you DaButcher, but I am new to this PHP world. Would you please provide some example and I will implement it on the website?

Thank you.
 
It's too time consuming for me to program this for you without a charge. I would rather that you google for it.

It's very easy to make the password generator, but be aware!
Do not generate into the password field, but in a tmp_pass.

You might also want a timestamp and make the email link valid for only a certain time, and maybe only for one IP?

You can make it valid for 5 minutes, for one IP.
If the user tries to reset passwd from another IP or after 5 minutes, the genpass gets removed (or changed to something secret).

Olav Alexander Mjelde
Admin & Webmaster
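
The reset flow discussed in this thread, as an added example that is not part of any post: the stored password stays a one-way hash, and a temporary value kept in a separate tmp_pass field and valid for 5 minutes authorises setting a new one. It differs from the posts in three ways: PHP's password_hash() replaces MySQL's password(), the user picks the new password instead of being mailed a random one, and queries use bound parameters. The tmp_expires column, the function names and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example, not thread code. tmp_expires and the function names are assumptions;
// in-memory SQLite stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE i_users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           passwd TEXT, email TEXT, tmp_pass TEXT, tmp_expires INTEGER)');

function register(PDO $db, string $user, string $pass, string $email): void {
    // One-way salted hash: nothing stored here can be turned back into the password.
    $st = $db->prepare('INSERT INTO i_users (username, passwd, email) VALUES (?, ?, ?)');
    $st->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $email]);
}

function login(PDO $db, string $user, string $pass): bool {
    $st = $db->prepare('SELECT passwd FROM i_users WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

function startReset(PDO $db, string $user, string $email, int $now): ?string {
    $token = bin2hex(random_bytes(16));          // goes in the emailed link only
    $st = $db->prepare('UPDATE i_users SET tmp_pass = ?, tmp_expires = ?
                        WHERE username = ? AND email = ?');
    $st->execute([hash('sha256', $token), $now + 300, $user, $email]); // 5 minutes
    return $st->rowCount() === 1 ? $token : null;
}

function finishReset(PDO $db, string $user, string $token, string $newPass, int $now): bool {
    $st = $db->prepare('SELECT tmp_pass, tmp_expires FROM i_users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['tmp_pass'] === null || $now > (int)$row['tmp_expires']
        || !hash_equals($row['tmp_pass'], hash('sha256', $token))) {
        return false;                            // unknown user, expired or wrong token
    }
    $st = $db->prepare('UPDATE i_users SET passwd = ?, tmp_pass = NULL, tmp_expires = NULL
                        WHERE username = ?');    // clearing tmp_pass makes the token single-use
    $st->execute([password_hash($newPass, PASSWORD_DEFAULT), $user]);
    return true;
}
// Constructed sample data.
register($db, 'alice', 'old-secret', 'alice@example.test');
$t0 = 1000000; $token = startReset($db, 'alice', 'alice@example.test', $t0);
var_dump(finishReset($db, 'alice', $token, 'new-secret', $t0 + 301)); // after expiry
var_dump(finishReset($db, 'alice', $token, 'new-secret', $t0 + 60));  // within the window
var_dump(finishReset($db, 'alice', $token, 'again', $t0 + 61));       // token reused
var_dump(login($db, 'alice', 'new-secret'), login($db, 'alice', 'old-secret'));
```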
 