Thread: Account Details Recovery

  1. #1
    Join Date
    Jun 2011
    Location
    Romania
    Posts
    18
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Exclamation Account Details Recovery

    Hi ,

    I managed to install a script in my website, it's more like a password recovery script, but it sends the username as well.

    So the problem I have is that when I receive the email, where it says "Your Password Is:" it will show me the encrypted password from the database. Thing is I need the original password (or should I say the decrypted one..) to enter again in the account.

    If you can help me, please let me know

    Here is the script

    PHP Code:
    <?php
    include_once "configure.php";

    // escape the submitted address before it is used in the query
    $email = $_POST['email'];
    $email = mysql_real_escape_string($email);

    if ($email <> "") {
        $check_user_data = mysql_query("SELECT * FROM tz_members WHERE email = '$email'") or die(mysql_error());
        if (mysql_num_rows($check_user_data) == 0) {
            echo '<script language="javascript">alert("This email address does not exist. Please try again.")</script>';
            unset($email);
        }
        else {
            $row = mysql_fetch_array($check_user_data);
            $email = $row['email'];

            $to = $email;
            $subject = "Games.CsuNo.nET Recovery System";
            // $row['pass'] is the value stored in the database, which is what ends up in the email
            $message = "This is in response to your request for login details as user of your Members Area page.\n\nYour User Name is ".$row['usr'].".\n\nYour Users Password is ".$row['pass'].".\n\nYou may use your password to login in your account settings to change your password or your email.\n\nDon't give your password to anyone, but do save it somewhere safe.\n\nFor futured information about your account or any problems, please contact us at support@cs-uno.net.\n\nEnjoy your members area account and have fun.\n\nRegards,\n\nGames.CsuNo.nET Owner";
            $headers = "From: ".$psbhostemailaddress."\r\nReply-To: ".$email;

            if (mail($to, $subject, $message, $headers)) {
                echo "<font face='Verdana' size='2'><b><br>Success!</b> <br>An email has been sent with your details (username and password) to your email address $email <br>Please check your mail.";
            }
            else {
                echo "<font face='Verdana' size='2' color=red>There is some system problem in sending login details to your address. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></font>";
            }
        }
    }

    ?>
    And here is the trouble line
    PHP Code:
    Your Users Password is ".$row['pass']" 
    This is the image from the email , showing the md5 encrypted password:



    And this is the encrypted password from the database:




    Thanks for helping, dakata

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    That's a hashed password. The encryption is one way. It may be md5 or sha1, or several other algorithms, but they all have one thing in common: you can't decrypt them. In fact, they're not "encrypted" (because they can't be decrypted).
    The way that hashed passwords work is simple and strong for security: there is a one way algorithm that takes input (a password) and generates output (a hash string). This hash string is stored in the database. When a user tries to log in, their submitted password is hashed using the same algorithm. Then if the two hash strings match, the original passwords did as well. But the original password is not stored anywhere and it is not possible to know what it is.
    (The only way to know is to create a database of all possible passwords and then create hashes from them. There are several projects out there like this, but once that occurs the algorithm is obsolete so a newer algorithm should be used. This isn't a "solution" of any kind.)

    In short, you cannot "recover" a password in this kind of system. Therefore, your only option is to have a password reset option. This is actually simple: create a random string (12345, for example), and send that to the user. Create the hash from that* and update the stored password in the database to this hash. Now they can log in using that newly generated password and change their password after logging in. Of course in order to do all of this you should confirm that they have access to the account, such as using the email address associated with the account.

    *Creating a hash:
    This can be as simple as md5() or sha1() which take a string and generate a hash, or it can be more complicated if the algorithm that checks the logins is more complicated. For example, some concatenate the username and password, such as md5($pass.$user), and others use a process called "password salt", the idea being that it will be harder to hack using the database method mentioned above if the passwords are "salted"-- if they have extra material added to them. For example, it might be md5($pass.$randstring).
    Most of the time it will be fairly easy to do this, but it can be a little difficult to figure out exactly how the system is set up so you know what you're trying to copy.
    Daniel

  3. The Following User Says Thank You to djr33 For This Useful Post:

    dakata (08-24-2011)

  4. #3
    Join Date
    Jun 2011
    Location
    Romania
    Posts
    18
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Default

    Thanks for clearing that for me.

    I have as well a reset password system , but with a problem (as ever ..)

    In this script with the reset password, when I enter my e-mail address and username I receive the new password , but it's not the same with the one in the database, meaning that the password changes in the database , but it's not the same , and for that I can't login with the password received.

    Here's the script :

    PHP Code:
    <?php
    error_reporting(E_ALL ^ E_NOTICE);
    session_start();
    $userid = $_SESSION['id'];
    $username = $_SESSION['usr'];

    ?>

    <?php

    if (!$username && !$userid){

        if ($_POST['resetbtn']){
            // get the form data
            $user = $_POST['user'];
            $email = $_POST['email'];

            // make sure info provided
            if ($user){
                if ($email){
                    if ( (strlen($email) > 4) && (strstr($email, "@")) && (strstr($email, ".")) ){
                        // connect
                        $connect = mysql_connect("localhost","x7euprr_regu","braine3211") or die("Wrong database connection");
                        mysql_select_db("x7euprr_reg") or die("Wrong database name");

                        // escape the username before it goes into the SQL strings below
                        $user = mysql_real_escape_string($user);

                        $query = mysql_query("SELECT * FROM tz_members WHERE usr='$user'");
                        $numrows = mysql_num_rows($query);
                        if ($numrows == 1){
                            // get info about account
                            $row = mysql_fetch_assoc($query);
                            $dbemail = $row['email'];

                            // make sure the email is correct
                            if ($email == $dbemail){
                                // generate password
                                $pass = rand();
                                $pass = md5($pass);
                                $pass = substr($pass, 0, 6);
                                $password = md5(md5("kjfiufj".$pass."Fj56fj"));

                                // update db with new pass
                                $querychange = mysql_query("UPDATE tz_members SET pass='$password' WHERE usr='$user'");

                                // make sure the password was changed
                                $query = mysql_query("SELECT * FROM tz_members WHERE usr='$user' AND pass='$password'");
                                $numrows = mysql_num_rows($query);
                                if ($numrows == 1){

                                    // create email vars
                                    $webmaster = "office@cs-uno.net";
                                    $headers = "From: Games.CsuNo.nET<$webmaster>";
                                    $subject = "Games.CsuNo.nET - Your New Password";
                                    $message = "Hello! Your password has been reset. Your new password is below.\n";
                                    $message .= "Password: $pass\n";

                                    //echo $pass."<br />";
                                    if ( mail($email, $subject, $message, $headers) ){
                                        echo "Your password has been reset. An email has been sent with your new password.";
                                    }
                                    else
                                        echo "An error has occured and your email was not sent containing your new password.";
                                }
                                else
                                    echo "An error has occured and the password was not reset.";

                            }
                            else
                                echo "You enter the wrong email address.";
                        }
                        else
                            echo "The username was not found.";

                        mysql_close();
                    }
                    else
                        echo "Please enter a valid email address.";
                }
                else
                    echo "Please enter you email.";
            }
            else
                echo "Please enter you username.";
        }

        echo "<form action='/lost_pw.php' method='post'>
        <table>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='user' /></td>
        </tr>
        <tr>
            <td>Email:</td>
            <td><input type='text' name='email' /></td>
        </tr>
        <tr>
            <td></td>
            <td><input type='submit' name='resetbtn' value='Reset Password' /></td>
        </tr>
        </table>
        </form>";

    }
    else
        echo "Please logout to view this page.";

    ?>

    This is the database images :





    Thanks again , dakata

  5. #4
    Join Date
    Mar 2007
    Location
    New York, NY
    Posts
    557
    Thanks
    8
    Thanked 66 Times in 66 Posts

    Default

    You're using the contents of $pass in your email, and you're updating the database with what is stored in the variable $password. Change the $message declaration line from this:
    PHP Code:
    $message .= "Password: $pass\n";
    to this:
    PHP Code:
    $message .= "Password: $password\n";
    That's why you're receiving discrepancies between what you have in your database, and what is being sent via email.
    - Josh

  6. The Following User Says Thank You to JShor For This Useful Post:

    dakata (08-24-2011)

  7. #5
    Join Date
    Jun 2011
    Location
    Romania
    Posts
    18
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Default

    I tried that and it's the same result, but this time it sends me the md5 encrypted password from the database, you can check it here:

    http://www.games.cs-uno.net/lost_pw.php

  8. #6
    Join Date
    Mar 2007
    Location
    New York, NY
    Posts
    557
    Thanks
    8
    Thanked 66 Times in 66 Posts

    Default

    Oh, I see. You're adding "kjfiufj" to the beginning of $pass, and adding "Fj56fj" to the end of pass, AND encrypting it in md5 -- no wonder it doesn't work!

    This is your code:
    PHP Code:
    $pass = substr($pass, 0, 6);
    $password = md5(md5("kjfiufj".$pass."Fj56fj"));
    Try replacing it with this:
    PHP Code:
    $pass = substr($pass, 0, 6);
    $pass = "kjfiufj".$pass."Fj56fj";
    $password = md5($pass);
    - Josh

  9. The Following User Says Thank You to JShor For This Useful Post:

    dakata (08-24-2011)
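
The reset flow djr33 describes in #2 and the stored-versus-emailed mismatch worked through in #3 to #6, as an added example that is not code from any poster in this thread: the reset writes the hash through the same password_hash()/password_verify() pair the login check uses, and the plaintext is what gets mailed. It swaps the thread's md5() and rand() for password_hash() and random_bytes(), and runs against an in-memory SQLite table named after the thread's tz_members; the function names and the sample account are assumptions.

```php
<?php
// Added example: temporary-password reset where reset and login share one
// hashing scheme. Table and column names follow the thread; the rest is assumed.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tz_members (usr TEXT PRIMARY KEY, email TEXT, pass TEXT)');
    // Constructed sample account.
    $ins = $db->prepare('INSERT INTO tz_members (usr, email, pass) VALUES (?, ?, ?)');
    $ins->execute(['demo', 'demo@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the new plaintext password (the value to mail), or null when the
// username/email pair does not match an account.
function reset_password(PDO $db, string $user, string $email): ?string {
    $q = $db->prepare('SELECT email FROM tz_members WHERE usr = ?');
    $q->execute([$user]);
    $dbEmail = $q->fetchColumn();
    if ($dbEmail === false || $dbEmail !== $email) {
        return null;
    }
    $plain = bin2hex(random_bytes(8));                 // CSPRNG instead of rand()
    $hash  = password_hash($plain, PASSWORD_DEFAULT);  // per-password salt is built in
    $db->prepare('UPDATE tz_members SET pass = ? WHERE usr = ?')->execute([$hash, $user]);
    return $plain; // mail this, never the stored hash
}

// Login check: verifies against whatever scheme password_hash() stored.
function check_login(PDO $db, string $user, string $submitted): bool {
    $q = $db->prepare('SELECT pass FROM tz_members WHERE usr = ?');
    $q->execute([$user]);
    $hash = $q->fetchColumn();
    return $hash !== false && password_verify($submitted, $hash);
}

$db  = open_demo_db();
$new = reset_password($db, 'demo', 'demo@example.test');
var_dump(check_login($db, 'demo', $new));                     // log in with the mailed value
var_dump(check_login($db, 'demo', 'old-secret'));             // try the pre-reset password
var_dump(reset_password($db, 'demo', 'wrong@example.test'));  // reset with a non-matching email
```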

  10. #7
    Join Date
    Jun 2011
    Location
    Romania
    Posts
    18
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Default

    It worked , Thank you very much !

    You guys are the best !

  11. #8
    Join Date
    Mar 2007
    Location
    New York, NY
    Posts
    557
    Thanks
    8
    Thanked 66 Times in 66 Posts

    Default

    Happy to help.
    - Josh
