Search
Left Quote    I start where the last man left off.
- Thomas A. Edison    
Right Quote
 
[login] | [Register]
Forum Index » PHP and mySQL » Viewing Topic and Replies
Post Reply


        Viewing Topic: Member system - display md5 password
  This user is online  Guest
  Subject: "Member system - display md5 passwor..." Posted: @ 11:10 am on Dec 30 2005   
Unregistered
Hi all
I used the member system tutorial as the basis for my system. I have managed to extend it to include a admin section - some members have admin level membership and can change usernames, passwords, users level etc.
The problem I'm having trouble resolving is how to convert the md5 password for display in the update section and change password section. The form is displaying the encrypted password not the entered password.
This is my form line

Code:
<td>< input name="pass word" type="text " value="< ;? echo $pword; ?>"> </td>

Here is the code that sets the variable $pword

Code:
$pword=mysql_r esult($results2 ,$i,"ak_pw ord";

where ak_pword is the field that holds the password. I've tried a number of ways but cant seem to get it right. I am guessing i need to add the md5 function into the ak_pword output somehow. I tried

Code:
$pword=mysql_r esult($results2 ,$i,md5("a k_pword");

but that didnt work.
Can anyone point me in the right direction?
Many thanks
Sue

    Viewed: 9,174 Times | Reply to This | To top
  This user is offline  suehami
  Subject: "re: Member system - display md5 pas..." Posted: @ 1:05 pm on Dec 30 2005    
Member #: 127
Rank: User - (4)
Since: 12/30/05
Posts: 4

Hi (I'm answering myself here as I registered after I posted the original question)
I finally found the correct way to google the question and it seems that basically you cant unencrypt a md5 encrypted password. Therefore it seems to me that if you md5 a password you eliminate the ability to send people their password if they have forgotten it, change a password etc. Although a thought struck me, you could create a dummy password field that holds an unencrypted version and use that but then what would be the point of encrypting it in the first place.
Just some thoughts for discussion
Sue



    Viewed: 9,168 Times | Reply to This | To top
  This user is offline  bs0d
  Subject: "re: Member system - display md5 pas..." Posted: @ 1:41 pm on Dec 30 2005    

Member #: 1
Rank: Admin. - (1,505)
Since: 02/06/05
Posts: 600
From: USA

I would just set it up if they want to change their password, they can enter it themselves. Then, your script will encrypt it, and compare it to the encrypted version in the database. If they lose their password and respond to the email with a verification code, you bypass the old password and make a new one.




-bs0d | AllSyntax.com

    Viewed: 9,162 Times | Reply to This | To top
  This user is offline  suehami
  Subject: "re: Member system - display md5 pas..." Posted: @ 10:39 pm on Dec 30 2005    
Member #: 127
Rank: User - (4)
Since: 12/30/05
Posts: 4

Hi bsOd
thanks for the reply. I wanted to display the original password within a catch all edit user page - i.e. change username, access level, password. which is why i needed to have the unencrypted password available, in case the password was not to be changed. clearly that wont be possible so I guess i will have to seperate the change password function from the change level/username or not store the password encrypted
Thanks againfor the advice
Sue



    Viewed: 9,154 Times | Reply to This | To top
Viewing Page: 1 of 1


1 |

You must be logged in to post on the forums. Login or Register








"AllSyntax.com" Copyright © 2002-2018; All rights lefted, all lefts righted.
Privacy Policy  |  Internet Rank