PDA

View Full Version : How do you decrypt a password



Dirt_Diver
08-25-2008, 05:15 PM
I have a page where the user submits an email request to recover a forgotten password, but when the email comes to them it's still encrypted. What can I add to my code that would decrypt the password before it gets to the users email?

Also I want to display the username with it as well. Right now it comes in blank..

Maybe someone could look at my code and give me a hand..




<html>

<head>
<title>Password Recovery</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>

<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">

<?
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}


echo "<br><br>";
if($status=="OK"){ $query="SELECT email, username, password FROM users WHERE email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='add.php'> Sign UP </a> </center>"; exit;}

$headers4="admin@domain.com";
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;// for html mail un-comment this line

if(mail("$em","Your Request for login details","This is in response to your request for login details at website.com \n \nLogin ID: $row->userid \n Password: $row->password \n\n Thank You \n \n site admin","$headers")){echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>An email was sent to the email address you just listed. If you don't see our email after 5 minutes check your spam folder. Sometimes they get put in there for some reason. If you still don't have our email please reply to this email and let us know. </center>";}
else{ echo " <center><font face='Verdana' size='2' color=red >There is some system problem in sending login details to your address. Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}


}

else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
?>

Twey
08-25-2008, 06:14 PM
Presuming your password field is hashed, you don't. Why do you think it is that most password reminder pages have you choose a new password rather than sending your old one? A hash function is one-way, by design. That's the point.

Dirt_Diver
08-25-2008, 08:56 PM
Do you have a code I could use then that would allow the user to create a new password??? Or point me in the direction that I could find one and edit it?

allahverdi
08-26-2008, 08:22 AM
random numbers and letters.



$chars = array('2','3','4','5','6','7','8','9','A','B','C','D','E','F','G','H','J','K','M','N','P','Q','R','S','Y','U','V','W','X','Y','Z');

$firstletter = rand(0, (count($chars) -1)


Something like this

Nightfire
08-27-2008, 01:48 AM
Alot of sites just send the session id as the new password