Decrypt Encrypted Passwords In Forgot Password Script

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Decrypt Encrypted Passwords In Forgot Password Script

    I coded my own simple forgot password script.Everythings fine and working except the password because the password send to the user's mail is encrypted.How can i decrypt that password so that the password send to the user email address will be the true pw and not encrypted..
    I fetch the password from ibwf_users pass row thats why it is md5 encrypted..
    Please guys help me to fix this stuffs,
    Heres the code of my forgot password script...







    PHP Code:
    <?php
    /*
    PINOYGSM 2010 SCRIPT 
    BY WYVERN AKA L0RDRAYVEN 
    WYVERNSPACE@GMAIL.COM 
    (dont removed this copyrights) 
    */
     
     
    include("core.php");
    include(    "config.php");
     
    header("Content-type: text/html; charset=ISO-8859-1");
    echo     "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>";
    echo     "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\"\"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
    echo     "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
    echo     "<html>";
    echo     "<head>";
    echo     "<title>Forgot Password</title>";
    echo     "<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />
    <meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>
    <meta name=\"description\" content=\"mobile interactive community that can be access wherever you are in the world. It is made to connect people and to establish unity with tones of new exciting features like Scrembox, Forums, Articles, Chatrooms, Downloads, Clubs, Photo Gallery, Blogs, Polls, Chappel, Rpg Game, Lucky9, Jack En Poy, Spin The Wheel, Virtual Pets, Wap Jueteng And More Options That Entertain You And Makes You Busy\"/>
    <meta name=\"keywords\" content=\"pinoygsm, wyvern, l0rdrayven, free, community, forums, chat, wap, communicate, free sms, mp3, scandals, videos, games, downloads, scripts, ringtones, porn, xxx, hot, new, latest\"/>
    <link rel=\"shortcut icon\" href=\"fav.ico\" type=\"image/x-icon\"/>
    <link rel=\"stylesheet\" type=\"text/css\" href=\"default.css\"/>"    ;
    echo     "</head>";
        echo     "<body>";
    $bcon connectdb();
    if (!    $bcon)
    {
    echo     "<div align=\"center\"><div class=\"t2\">Error.!</div><br/>";
    echo     "Sorry Probably Our Database Cant Hold The System Of Our Server.<br/>";
    echo     "Please Come Back Later<br/><br/>";
    echo     "<div class=\"foot\">$mysite</div>";
    echo     "<br/>Page Took ";
    $load microtime();
    print (    number_format($load,2));
    echo     " Seconds";
    echo     "</div>";
    exit();
    }
    $do $_GET["do"];
    if(    $do=="")
    {
    echo     "<div align=\"center\">";
    echo     "<div class=\"head\">Password Retrieval</div><br/>";
    include(    "ads.php");
    echo     "<br/>";
    echo     "Please type your registered screename to retrieve your password.";
    echo     "<hr/>";
    echo     "<form action=\"forgotpw.php?do=get\" method=\"post\">";
    echo     "Screename:<br/><input type=\"text\" name=\"nick\" maxlength=\"15\"/><br/>";
    $text rand(11111,99999);
    echo     "Verification Code:<br/>";
    echo     "<img src=\"captcha.php?text=$text\" alt=\"verify\"/> ";
    echo     "<input type=\"text\" format=\"*n\" name=\"ucans\" maxlength=\"5\" size=\"5\"/><br/>";
    echo     "<input type=\"hidden\" name=\"rcans\" value=\"$text\"/>";
    echo     "<input type=\"submit\" value=\"Submit\"/>";
    echo     "</form>";
    echo     "<br/>";
    echo     "<a href=\"terms.php\">Register</a> <a href=\"index.php\">";
    echo     "Home</a>";
    echo     "<div class=\"foot\">$mysite</div>";
    echo     "<br/>Page Took ";
    $load microtime();
    print (    number_format($load,2));
    echo     " Seconds";
    echo     "</div>";
    echo     "</body>";
    }
     
    //////////////////////Get Password
    if($do=="get")
    {
    $nick $_POST["nick"];
    $ucans $_POST["ucans"];
    $rcans $_POST["rcans"];
    $uid getuid_nick($nick);
     
    echo     "<div align=\"center\">";
    echo     "<div class=\"head\">Password Retrieval</div><br/>";
    include(    "ads.php");
    echo     "<br/>";
     
    if(    checkuname($uid)=="1")
    {
    echo     "Username Doesnt Exist";
     
    }else if(    $ucans!=$rcans)
    {
    echo     "Image Verification Is Incorrect";
     
    }else{
     
    $gpw mysql_fetch_array(mysql_query("SELECT email, pass FROM ibwf_users WHERE id='".$uid."'"));
    $pwd $gpw[1];
    $email $gpw[0];
    if(    $gpw)
    {
    $msg "\n Username: ".$nick." \n Password: ".$pwd." \n\n Please Keep Your Password Safe! \n\n Dont distribute your login informations to anyone. \n Please ignore this mail if you recieve this without asking your password retrieval. \n\n Follow the link below to login into your account directly \n http://pinoygsm.net/in.php?u=".$nick."&p=".$pwd." \n\n Thank You, \n PinoyGsm.Net";
    $subj "Pinoygsm Password Retrieval";
    $headers 'From: noreply@pinoygsm.net' "\r\n" .
    'Reply-To: wyvernspace@gmail.com' "\r\n" .
    'X-Mailer: PHP/' phpversion();
    mail($email$subj$msg$headers);
    echo     "Password sent successfully to $nick's registed email.";
    }else{
    echo     "Database Error.!";
    }
    }
     
    echo     "<br/><br/>";
    echo     "<a href=\"forgotpw.php\">Back</a> <a href=\"terms.php\">Register</a> <a href=\"index.php\">";
    echo     "Home</a>";
    echo     "<div class=\"foot\">Pinoygsm</div>";
    echo     "<br/>Page Took ";
    $load microtime();
    print (    number_format($load,2));
    echo     " Seconds";
    echo     "</div>";
    echo     "</body>";
    }
    exit();
    ?>
    </html>
    Last edited by metulj; 18.05.10, 16:43. Reason: USE [ php ] TAG [ / php ] for posting php code !
    Tags: decrypt, forgot password, pinoygsm, wyvern
    #2
    it was said billion times before... md5 encryption in 'one way street'
    you cannot decrypt it... it can only be cracked(which takes time !)
    so this code will never work...
    it's wrong at first place and very insecure !

    it's wrong idea to fetch encrypted pass...
    instead... you should update field 'pass'
    and send that update to user...
    also you need to make sure that function cant be abused
    ie... if i know your email... i can change your pass anytime just to annoy you
    It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
    ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
    ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
    キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!

    Comment

      #3
      Unless you store real passwords in your database also then there is no way of doing this.
      However Passwords In your database unencrypted is a security risk and not advised

      Recommendation is to have a page where people can update old passwords rather than store unencrypted passwords

      Comment

        #4
        you should email a token who request new password and then by going to link containing token he one can update password..
        Follow me @ksg91 | My Blog: http://ksg91.com | Nokia Blog: http://NokiaTips.in

        Comment

          #5
          Salt and Md5 your password. then when a user request a new password, it resets it to a radom string, sends a conformation link to the user's email. Asking him/her whether they want to reset pass. If they do, they click on the link, and it sends them the new password. That's the safest bet for you and your user's.

          Comment

            #6
            i dont think its a good idea.i used to use a security code while registration.when any user want to change his password or forget pass then they need to give the security code along with email address.
            and then i password automatically reset and send the reseted password to users email.oh.

            Comment

              #7
              Thanks guys but i coded a new forgot password script with security code and much secured, heres the demo link..
              Forgot Password

              Comment

              Previous template Next
              Working...
              X