Decoding a retrieved password from MySQL

Markus
6,050 Expert 4TB
Another day, another question. :)

I'm now onto building a login for my current project - image host.

User submits password > password is encoded
Like so:
    ('$username', PASSWORD('$password'), '$dispName', '$email')";
Now say, if I were to email them their password (they've forgotten it?), it would send the encoded password and not the one they input! And I'm unsure of how to decode it.

This is just something I was using to see how I could decode it; this isn't the actual way I will go about it ;)

Obviously it doesn't work..
    $query = "SELECT `ziprar_loginPass` FROM `ziprar_users` WHERE `ziprar_loginName` = 'markusn00b'";
    $res = mysql_query($query);
    while($row = mysql_fetch_array($res)){
        echo $row['PASSWORD(ziprar_loginPass)'];
    }
Any ideas?

Thanks :)
Oct 24 '07 #1
Atli
5,058 Expert 4TB
Hi Markus.

You should never have to decode a password in your database. If a user forgets his/her password, you should rather generate a random password for them and send that to them via email, so they can log in and change it.

Nobody, including you, should be able to decode your users' passwords from the database. That is information only your users should be able to know. That is why we use hashing algorithms, because they cannot be reversed (without major hacking), which makes them much harder to break than algorithms that can be reversed.
Oct 24 '07 #2
Markus
6,050 Expert 4TB
Hmm... but then surely I'd have to update the password on their request without clarifying that they are indeed the actual user of that email address...

If you understand me?

Oh wait, no, I see!

I'd just send an email to have the user confirm that they did request their password to be reset!

Thanks!
Oct 24 '07 #3
Atli
5,058 Expert 4TB
This is true. But you could, for example, send them a link to a 'change password' page on which the newly generated password would work, while the old one would still be valid using the normal login procedures.

That way, even if some prankster is going around reporting missing passwords for users he doesn't own, nobody is required to change their password, they only get an email saying that somebody reported that they had forgotten their password, which they could ignore.

And if you are getting frequent false reports of lost passwords, record the IP address of the people sending the reports and block them.
Oct 24 '07 #4
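
The reset flow described in replies #2 and #4, as an added PHP example that is not part of the thread or any poster's code. Assumptions: an in-memory array stands in for the `ziprar_users` table, the field names and the one-hour expiry are hypothetical, PHP's `password_hash()` is used in place of MySQL's `PASSWORD()`, and a random single-use token in the emailed link plays the role of the "newly generated password".

```php
<?php
// Constructed sample data: in-memory stand-in for the ziprar_users table.
$users = ['markusn00b' => ['pass_hash' => password_hash('old-secret', PASSWORD_DEFAULT),
                           'reset_hash' => null, 'reset_expires' => 0]];

// Normal login: compare against the stored hash; nothing is ever decoded.
function login(array $users, string $name, string $password): bool
{
    return isset($users[$name])
        && password_verify($password, $users[$name]['pass_hash']);
}

// "Forgot password": create a one-time token and store only its hash.
// The current password is left untouched, so a false report changes nothing.
function requestReset(array &$users, string $name, int $now): ?string
{
    if (!isset($users[$name])) {
        return null; // caller should show the same message either way
    }
    $token = bin2hex(random_bytes(32));            // goes into the emailed link
    $users[$name]['reset_hash']    = hash('sha256', $token);
    $users[$name]['reset_expires'] = $now + 3600;  // assumed 1-hour lifetime
    return $token;
}

// Change-password page: accept the token once, before expiry, then discard it.
function completeReset(array &$users, string $name, string $token, string $newPassword, int $now): bool
{
    $u = $users[$name] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']) {
        return false;
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    $users[$name]['pass_hash']  = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$name]['reset_hash'] = null;            // single use
    return true;
}

// Walk through the flow with the constructed account.
$now   = time();
$token = requestReset($users, 'markusn00b', $now);
var_dump(login($users, 'markusn00b', 'old-secret'));                        // login before the reset is completed
var_dump(completeReset($users, 'markusn00b', 'wrong', 'new-secret', $now)); // guessed token
var_dump(completeReset($users, 'markusn00b', $token, 'new-secret', $now));  // token from the email
var_dump(login($users, 'markusn00b', 'new-secret'));                        // login with the new password
var_dump(completeReset($users, 'markusn00b', $token, 'again', $now));       // same token a second time
```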
Markus
6,050 Expert 4TB
Noted!

Thanks a bunch :)
Oct 24 '07 #5
Atli
5,058 Expert 4TB
Glad I could help :)
Oct 24 '07 #6
