recall a password

add a new line in sql add there real pass there make sure you only use the email to get the password..

i was trying to avoid doing that

well most users cant decode passwords all they will get is there sid....

forgot password

true, u cant decode the password as it has been converted to md5. least u can do is for new users and those who logged-in after u made a code for Forgot Password.

i've already made a code for that.

i added a line in users table named it to password.
in login.php i put an mysql command to insert the password to users table also followed by Update command just in case the user changed his pw. again an update code i put in index.php. then in login form i put forgot pw link, asking the email add he put during registration(this will prevent from stealing the data). use php command mail() to get the login details.

i searched google, and there are a few sites that advertise that they decode online, tried it and it doesnt work. must be some sort of scam

first address the rumour md5 and other encryption methods are decodable... no they aren't, no if's, no but's they cant be decoded. anyone that says otherwise is stupid and there opinions never be listened to again. md5 along with many other common string encryption methods are one way encryptions.

Now there is a way to guess the md5 password, this is by using a rainbow table. rainbow tables vary in size and ive never seen a rainbow table of all hashes, there probably is one on a high security most likely offline government server which **** loads of HDD's but to the general user you cant get one, it would take millions of years to calculate all the hashes and more HDD's than you or 99% of the world could ever afford.

The thing about md5 is one hash can match an infinate number of strings. there is only 32 chars length in a md5 string, and an infinate number of characters that will encode to those 32 chars .. hence since infinate by definition has no upper limit, the number of strings that would match any given hash would be infinate.

So now ur thinking well how come certain passwords are so called "decoded" by these sites and services. Well thats a collaboration of basic wordlists and years of user interaction with the application.

1. the common and basic passwords and words in the dictionary are usually encoded by these services themselves just to give them a starting point, after that they may do more wordlists from ime to time

2. You'd be surprised how many people use these decoder sites alter ego's to get the md5 hash of a password, i do it myself for quickness (only on test account passwords mind lol). everytime you enter that pass to get the string the backend saves a record, recording the password u entered and the resulting hash, so when u take that hash put it into a decoder it finds that record it entered and displays the password (or more than one pass if it finds multiple hash matches)

-------------------

so thats the theory behind md5 lol.. so how do you sort users with lost passwords. there are a number of ways

1. Have a password reset in admincp, you enter the users name, it then emails them with a new pass which it has md5'd and put into the users record

2. have a password reset in admincp where u can enter a new password for that account. then u make a password change on the users panel for them to change the password the next time they login

3. have a reset password link that emails them a new pass much like the admincp but this one dont require staff interaction

4. use a Q & A system. when registering they enter a question (or select a default one whichever u prefer) and provide an answer, when they reset their password, it asks the answer to their defined question and if its correct they can enter a new password for their account (with this i usually ask other trivial questions like regged email, dob or anything else i have on file just to be sure its them)

theres other methods too but those are the main ones i use i can think of off the top of my head.

under NO circumstances should you ever store a users password as plain text. I dispise anyone that doesnt do this. I never reg to a wapsite with a good password, most of the time i just use djlee1 lol as most are unsecure, some users are stupid and will reg with their paypal. u get hacked (which is high possibility with some of the default sources) and someone has that paypal pass.

its simply one of those things as a webmaster you just do not do. and any decent webmaster will no doubt agree with me on that point even if they disagree with everything else ive ever sai (*cough* subzero lol)

i codeed it the other day for my site

do youmind sharing it bro?

i Have share my sql last time forgot to clear database then the ppl asked for the admin pasword when i went to the topic another guy posted my password so there are ways to decode the encrypted passwords i dnt know how he done it

Please share, it would be nice to see if this works

edit it according to your script lol

thanks for this, it worked! but what if the user used one email to register more than 2 accounts?:confused:

1. i had already a posted code to prevent registering a nick wid same email id or login couple of days ago check my posts.
2. To prevent this also add login field in it wid email and change this query to something like this
select login from users where login = $login and email = $email

easy, u were using a **** password lol.

g52k5+8g;3j5-@2

^^^ the typical type of password id use for something like db login info.. chances are ud never guess it as its just random hits on buttons i like the look of.

MD5 is not decryptable. simple as that. one way hash. only way to find the password from the hash is using rainbow tables, no one has the capacity to store every single hash and a list of passwords they match.. its impossible. Add together the size of every HDD, usb stick, floppy disk, even your old C64 8kb tapes across this planet and you still wouldnt have enough. thats the basic facts of the matter. A strong password will never be found unless its out of pure pure luck they hit the same keys as you did (very very very slim)