recall a password


    recall a password

    Once a user registers, the password is converted to an md5 hash string and stored in the db. If a user has forgotten the password, how do I convert the md5 hash string back to its original password form?

    #2
    Add a new line in SQL and add their real pass there; make sure you only use the email to get the password..


      #3
      i was trying to avoid doing that


        #4
        Well, most users can't decode passwords; all they will get is their sid....


          #5
          forgot password

          True, u can't decode the password as it has been converted to md5. The least u can do is for new users and those who logged in after u made a code for Forgot Password.

          I've already made a code for that.

          I added a line in the users table and named it password.
          In login.php I put a MySQL command to insert the password into the users table, followed by an Update command just in case the user changed his pw. Again, an update code I put in index.php. Then in the login form I put a forgot pw link, asking for the email address he put during registration (this will prevent stealing of the data). Use the PHP command mail() to get the login details.



            #6
            I searched Google, and there are a few sites that advertise that they decode online; tried it and it doesn't work. Must be some sort of scam.


              #7
              First, address the rumour that md5 and other encryption methods are decodable... no they aren't, no ifs, no buts, they can't be decoded. Anyone that says otherwise is stupid and their opinions should never be listened to again. md5, along with many other common string encryption methods, are one-way encryptions.

              Now there is a way to guess the md5 password; this is by using a rainbow table. Rainbow tables vary in size and I've never seen a rainbow table of all hashes. There probably is one on a high security, most likely offline, government server which **** loads of HDDs, but to the general user you can't get one; it would take millions of years to calculate all the hashes and more HDDs than you or 99% of the world could ever afford.

              The thing about md5 is one hash can match an infinite number of strings. There are only 32 chars in an md5 string, and an infinite number of characters that will encode to those 32 chars .. hence, since infinite by definition has no upper limit, the number of strings that would match any given hash would be infinite.

              So now ur thinking, well, how come certain passwords are so-called "decoded" by these sites and services. Well, that's a collaboration of basic wordlists and years of user interaction with the application.

              1. The common and basic passwords and words in the dictionary are usually encoded by these services themselves just to give them a starting point; after that they may do more wordlists from time to time.

              2. You'd be surprised how many people use these decoder sites' alter egos to get the md5 hash of a password; I do it myself for quickness (only on test account passwords mind lol). Every time you enter that pass to get the string the backend saves a record, recording the password u entered and the resulting hash, so when u take that hash and put it into a decoder it finds that record it entered and displays the password (or more than one pass if it finds multiple hash matches).

              -------------------

              So that's the theory behind md5 lol.. so how do you sort users with lost passwords? There are a number of ways:

              1. Have a password reset in admincp; you enter the user's name, it then emails them with a new pass which it has md5'd and put into the user's record.

              2. Have a password reset in admincp where u can enter a new password for that account. Then u make a password change on the user's panel for them to change the password the next time they login.

              3. Have a reset password link that emails them a new pass much like the admincp, but this one doesn't require staff interaction.

              4. Use a Q & A system. When registering they enter a question (or select a default one, whichever u prefer) and provide an answer; when they reset their password, it asks the answer to their defined question and if it's correct they can enter a new password for their account (with this I usually ask other trivial questions like regged email, dob or anything else I have on file just to be sure it's them).

              There are other methods too but those are the main ones I use that I can think of off the top of my head.

              Under NO circumstances should you ever store a user's password as plain text. I despise anyone that doesn't do this. I never reg to a wapsite with a good password; most of the time I just use djlee1 lol as most are unsecure. Some users are stupid and will reg with their paypal. U get hacked (which is a high possibility with some of the default sources) and someone has that paypal pass.

              It's simply one of those things as a webmaster you just do not do. And any decent webmaster will no doubt agree with me on that point even if they disagree with everything else I've ever said (*cough* subzero lol)

              Comment
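
An added example, not code from this thread: why a lookup site can return the password behind an unsalted MD5 hash, next to salted storage with PHP's password_hash() and an upgrade step for existing MD5 rows. The wordlist and the helper names buildLookupTable() and verifyAndUpgrade() are constructed for illustration.

```php
<?php
// Constructed wordlist standing in for a lookup site's stored records.
$wordlist = ['password', 'letmein', 'qwerty', 'dragon'];

// hash => password map, built once and reused for every query (hypothetical helper).
function buildLookupTable(array $words): array
{
    $table = [];
    foreach ($words as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

// Check a login against a stored hash and return a replacement hash when the
// stored one is legacy MD5 or uses outdated password_hash() parameters
// (hypothetical helper; a real site would write newHash back to its users table).
function verifyAndUpgrade(string $password, string $stored): array
{
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    $needsNew = $ok && ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT));
    return [
        'ok'      => $ok,
        'newHash' => $needsNew ? password_hash($password, PASSWORD_DEFAULT) : null,
    ];
}

$table = buildLookupTable($wordlist);

// Unsalted MD5 is deterministic, so the stored hash of a listed word is a table key.
$legacy = md5('letmein');
var_dump(isset($table[$legacy]));

// password_hash() salts every hash: two hashes of one password differ, and
// neither can appear in a table that was computed in advance.
$a = password_hash('letmein', PASSWORD_DEFAULT);
$b = password_hash('letmein', PASSWORD_DEFAULT);
var_dump($a === $b, isset($table[$a]), password_verify('letmein', $a));

// Migration: a correct login against the legacy hash yields a salted hash to store.
$result = verifyAndUpgrade('letmein', $legacy);
var_dump($result['ok'], $result['newHash'] !== null);
```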


                #8
                i coded it the other day for my site



                  #9
                  do you mind sharing it bro?



                    #10
                    I have shared my sql; last time I forgot to clear the database, then the ppl asked for the admin password. When I went to the topic another guy had posted my password, so there are ways to decode the encrypted passwords. I don't know how he did it.



                      #11
                      Originally posted by hypetype
                      i coded it the other day for my site
                      Please share, it would be nice to see if this works


                        #12
                        Originally posted by synergyx2009
                        Please share, it would be nice to see if this works
                        edit it according to your script lol

                        PHP Code:
                        <?php
                        // Uses the old mysql_* extension (PHP 5; removed in PHP 7.0)
                        include 'admin/connect.php';
                        include 'admin/var.php';

                        if (isset($_POST['submit']))
                        {
                          $email = $_POST['email'];
                          // Escape the address before it is placed inside the SQL strings
                          $safe = mysql_real_escape_string($email);
                          $getinfo = "SELECT login from users where email='$safe'";
                          $getinfo2 = mysql_query($getinfo) or die("Could not get info");
                          $getinfo3 = mysql_fetch_assoc($getinfo2);
                          if ($getinfo3)
                          {
                             // New 8-character password; only its md5 goes into the users table
                             $pass = substr(preg_replace('/\W/', '', md5(rand())), 0, 8);
                             $changepass = mysql_query("update `users` SET `pass`='".md5($pass)."' WHERE `email`='".$safe."'");
                             // Send the login name and the new password to the registered address
                             mail("$email", "From Chat-Zone.mobI", "Your login details login $getinfo3[login] &Password $pass");
                             print "Instruction for changing your password have been mailed to you.";
                          }
                          else
                          {
                            print "Retrieve Password";
                            print "There is not a user with that e-mail address";
                          }
                        }
                        else
                        {
                          // No form submitted yet: show the e-mail form
                          print "<form method='POST' action='getpassword.php'>";
                          print "Your e-mail:</td><td><input type='text' name='email' length='45'>";
                          print "<input type='submit' name='submit' value='submit'>";
                        }
                        ?>
                        Last edited by Anshul; 10.05.09, 12:28.

                        Comment
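
An added example, not part of the original posts: a reset flow that e-mails a single-use, expiring token instead of a new password, stores only the token's digest, and takes its randomness from random_bytes() (PHP 7 or later). The in-memory arrays, the address alice@example.test and the function names requestReset() and redeemReset() are assumptions standing in for the site's own tables and code.

```php
<?php
// In-memory stand-ins for the users and reset tables (constructed sample data).
$users = [
    'alice@example.test' => [
        'login' => 'alice',
        'pass'  => password_hash('old-secret', PASSWORD_DEFAULT),
    ],
];
$resets = [];

// Issue a token for a known address; only its SHA-256 digest is kept server-side.
// The caller shows the same message whether or not the address is registered.
function requestReset(array $users, array &$resets, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $resets[$email] = ['digest' => hash('sha256', $token), 'expires' => $now + 1800];
    return $token; // goes into the e-mailed link, never into the database
}

// Redeem a token: constant-time digest comparison, expiry check, single use.
function redeemReset(array &$users, array &$resets, string $email,
                     string $token, string $newPass, int $now): bool
{
    $row = $resets[$email] ?? null;
    if ($row === null || $now > $row['expires']
        || !hash_equals($row['digest'], hash('sha256', $token))) {
        return false;
    }
    $users[$email]['pass'] = password_hash($newPass, PASSWORD_DEFAULT);
    unset($resets[$email]); // consume the token so the link cannot be replayed
    return true;
}

$now   = time();
$token = requestReset($users, $resets, 'alice@example.test', $now);

// A guessed token is rejected and does not consume the pending reset.
var_dump(redeemReset($users, $resets, 'alice@example.test', 'wrong-token', 'x', $now));
// The e-mailed token works once, within the 30-minute window.
var_dump(redeemReset($users, $resets, 'alice@example.test', $token, 'new-secret', $now + 60));
// Replaying the same token afterwards fails.
var_dump(redeemReset($users, $resets, 'alice@example.test', $token, 'again', $now + 120));
var_dump(password_verify('new-secret', $users['alice@example.test']['pass']));
```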


                          #13
                          Originally posted by Spook
                          edit it according to your script lol

                          thanks for this, it worked! but what if the user used one email to register more than 2 accounts?


                            #14
                            1. I had already posted code to prevent registering a nick with the same email id or login a couple of days ago; check my posts.
                            2. To prevent this, also add a login field in it with the email and change this query to something like this
                            select login from users where login = $login and email = $email



                              #15
                              Originally posted by riderz
                              I have shared my sql; last time I forgot to clear the database, then the ppl asked for the admin password. When I went to the topic another guy had posted my password, so there are ways to decode the encrypted passwords. I don't know how he did it.
                              easy, u were using a **** password lol.

                              g52k5+8g;3j5-@2

                              ^^^ the typical type of password I'd use for something like db login info.. chances are u'd never guess it as it's just random hits on buttons I like the look of.

                              MD5 is not decryptable. Simple as that. One-way hash. The only way to find the password from the hash is using rainbow tables; no one has the capacity to store every single hash and a list of passwords they match.. it's impossible. Add together the size of every HDD, usb stick, floppy disk, even your old C64 8kb tapes across this planet and you still wouldn't have enough. Those are the basic facts of the matter. A strong password will never be found unless it's out of pure pure luck they hit the same keys as you did (very very very slim)
