password encode and decode ?

Jay
Hi everybody !

I've used the "crypt()" function in PHP to save the password of a user
logging in to a web-based system. Based on a book that I've read (PHP
advanced by Larry Ullman), there is no way that we can recover
(decode) the password once it is encrypted.

Are there any other ways that I can still encrypt a password, save it
in the database and still be able to see it later (instead of a string of
junk)?

PS: the reason I am writing this question is because I'd like to write a
feature that will e-mail the user his/her password to his/her e-mail
if he/she doesn't remember the password to log in to the system.

Any help would be greatly appreciated !!!!

Jay
Jul 17 '05 #1
Jay wrote:
> Are there any other ways that I can still encrypt a password, save it
> in the database and still be able to see it later (instead of a string of
> junk)?
>
> PS: the reason I am writing this question is because I'd like to write a
> feature that will e-mail the user his/her password to his/her e-mail
> if he/she doesn't remember the password to log in to the system.


Instead of mailing the current password, create a new random password
and save it encrypted to the database.

When the user next logs on, he will be able to change the password to
something s/he likes better.

--
USENET would be a better place if everybody read: : mail address :
http://www.catb.org/~esr/faqs/smart-questions.html : is valid for :
http://www.netmeister.org/news/learn2quote2.html : "text/plain" :
http://www.expita.com/nomime.html : to 10K bytes :
Jul 17 '05 #2
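
The reset described in the reply above, as an added example that is not part of the original thread: it stores only a one-way hash via password_hash(), PHP's wrapper around crypt(), and draws the temporary password from random_bytes() (PHP 7 or later). The `$users` array, the function names and the one-hour expiry are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. $users stands in for the users table
// (constructed data); TEMP_TTL is an assumed one-hour lifetime.
const TEMP_TTL = 3600;

$users = [
    'jay' => [
        'hash'        => password_hash('forgotten-original', PASSWORD_DEFAULT),
        'must_change' => false,
        'expires'     => null,
    ],
];

// Replace the stored hash with the hash of a fresh random password.
// The plaintext is returned once so it can be mailed; it is never stored.
function resetPassword(array &$users, string $name, int $now): ?string
{
    if (!isset($users[$name])) {
        return null; // respond identically to the requester either way
    }
    $temp = bin2hex(random_bytes(12)); // 96 bits from the CSPRNG
    $users[$name] = [
        'hash'        => password_hash($temp, PASSWORD_DEFAULT),
        'must_change' => true,
        'expires'     => $now + TEMP_TTL,
    ];
    return $temp;
}

// Returns 'denied', 'expired', 'change-required' or 'ok'.
function login(array $users, string $name, string $password, int $now): string
{
    $u = $users[$name] ?? null;
    if ($u === null || !password_verify($password, $u['hash'])) {
        return 'denied';
    }
    if ($u['expires'] !== null && $now > $u['expires']) {
        return 'expired';
    }
    return $u['must_change'] ? 'change-required' : 'ok';
}

$now  = time();
$temp = resetPassword($users, 'jay', $now);
echo login($users, 'jay', 'forgotten-original', $now), "\n";
echo login($users, 'jay', $temp, $now), "\n";
echo login($users, 'jay', $temp, $now + TEMP_TTL + 1), "\n";
```

The forgotten password stops working as soon as the reset runs, and the temporary one only gets the user as far as the change-password step.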
If you can decrypt it, then what would be the point of encrypting it?

If your user forgets their password, set a new one, send an email to the
email address you have stored for them, request they login with the new
password and change it.

You can either send the new password in plain text or follow a link from the
email which will auto log them in.
"Jay" <ar********@yahoo.com> wrote in message
news:56*************************@posting.google.com...
> Hi everybody !
>
> I've used the "crypt()" function in PHP to save the password of a user
> logging in to a web-based system. Based on a book that I've read (PHP
> advanced by Larry Ullman), there is no way that we can recover
> (decode) the password once it is encrypted.
>
> Are there any other ways that I can still encrypt a password, save it
> in the database and still be able to see it later (instead of a string of
> junk)?
>
> PS: the reason I am writing this question is because I'd like to write a
> feature that will e-mail the user his/her password to his/her e-mail
> if he/she doesn't remember the password to log in to the system.
>
> Any help would be greatly appreciated !!!!
>
> Jay

Jul 17 '05 #3
If you want details of a reversible encryption routine for PHP then take a
look at http://www.tonymarston.net/php-mysql/encryption.html.

--
Tony Marston

http://www.tonymarston.net
"Jay" <ar********@yahoo.com> wrote in message
news:56*************************@posting.google.com...
> Hi everybody !
>
> I've used the "crypt()" function in PHP to save the password of a user
> logging in to a web-based system. Based on a book that I've read (PHP
> advanced by Larry Ullman), there is no way that we can recover
> (decode) the password once it is encrypted.
>
> Are there any other ways that I can still encrypt a password, save it
> in the database and still be able to see it later (instead of a string of
> junk)?
>
> PS: the reason I am writing this question is because I'd like to write a
> feature that will e-mail the user his/her password to his/her e-mail
> if he/she doesn't remember the password to log in to the system.
>
> Any help would be greatly appreciated !!!!
>
> Jay

Jul 17 '05 #4
Jay
Thanks for everybody's help !!!

I got the idea !

Jay
Jul 17 '05 #5
Just to say... If you guys really want to learn about programming from a
'real' programmer please visit the Tony Marston site.

Thanks a lot Tony

"Tony Marston" <to**@NOSPAM.demon.co.uk> wrote in message
news:c7*******************@news.demon.co.uk...
> If you want details of a reversible encryption routine for PHP then take a
> look at http://www.tonymarston.net/php-mysql/encryption.html.
>
> --
> Tony Marston
>
> http://www.tonymarston.net
> "Jay" <ar********@yahoo.com> wrote in message
> news:56*************************@posting.google.com...
>> Hi everybody !
>>
>> I've used the "crypt()" function in PHP to save the password of a user
>> logging in to a web-based system. Based on a book that I've read (PHP
>> advanced by Larry Ullman), there is no way that we can recover
>> (decode) the password once it is encrypted.
>>
>> Are there any other ways that I can still encrypt a password, save it
>> in the database and still be able to see it later (instead of a string of
>> junk)?
>>
>> PS: the reason I am writing this question is because I'd like to write a
>> feature that will e-mail the user his/her password to his/her e-mail
>> if he/she doesn't remember the password to log in to the system.
>>
>> Any help would be greatly appreciated !!!!
>>
>> Jay


Jul 17 '05 #6
Pedro Graca <he****@hotpop.com> wrote in message news:<c7************@ID-203069.news.uni-berlin.de>...
> Jay wrote:
> <snip>
> Instead of mailing the current password, create a new random password
> and save it encrypted to the database.


I vouch for Pedro, and it is good practice. If the passwords can be
decrypted, you _may_ not be able to get privacy certifications, for
example <http://www.truste.org/>

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #7
You are missing the point. These passwords are encrypted when being written
to the database and have nothing to do with encrypting passwords between the
client browser and the server. As both the database and PHP are server-side,
not client-side, it does not matter what encryption algorithm it uses, or if
it offers a decryption routine. These passwords are only visible to people
who have access to the database on the server, but if these passwords are
encrypted then that is an extra level of security at the server end.

--
Tony Marston

http://www.tonymarston.net

"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in message
news:ab**************************@posting.google.com...
> Pedro Graca <he****@hotpop.com> wrote in message
> news:<c7************@ID-203069.news.uni-berlin.de>...
>> Jay wrote:
>> <snip>
>> Instead of mailing the current password, create a new random password
>> and save it encrypted to the database.
>
> I vouch for Pedro, and it is good practice. If the passwords can be
> decrypted, you _may_ not be able to get privacy certifications, for
> example <http://www.truste.org/>
>
> --
> | Just another PHP saint |
> Email: rrjanbiah-at-Y!com

Jul 17 '05 #8
[Top-post fixed]

"Tony Marston" <to**@NOSPAM.demon.co.uk> wrote in message news:<c7*******************@news.demon.co.uk>...
> "R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in message
> news:ab**************************@posting.google.com...
>> I vouch for Pedro, and it is good practice. If the passwords can be
>> decrypted, you _may_ not be able to get privacy certifications, for
>> example <http://www.truste.org/>
>
> You are missing the point. These passwords are encrypted when being written
> to the database and have nothing to do with encrypting passwords between the
> client browser and the server. As both the database and PHP are server-side,
> not client-side, it does not matter what encryption algorithm it uses, or if
> it offers a decryption routine. These passwords are only visible to people
> who have access to the database on the server, but if these passwords are
> encrypted then that is an extra level of security at the server end.


I was talking about the privacy and the right practice... If the
encrypted password that is stored in db can be decrypted by the site
admin, you lose your privacy. For the right privacy requirement, your
password should not be accessible/decrypted *even* by the site admin.

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #9
Tony Marston <to**@nospam.demon.co.uk> wrote:
> You are missing the point. These passwords are encrypted when being
> written to the database and have nothing to do with encrypting
> passwords between the client browser and the server. As both the
> database and PHP are server-side, not client-side, it does not matter
> what encryption algorithm it uses, or if it offers a decryption
> routine.

This is not what the OP was asking about. He was clearly asking how to
decrypt a password in order to send it by email to a user.

> These passwords are only visible to people who
> have access to the database on the server, but if these passwords are
> encrypted then that is an extra level of security at the server end.

Sending a decrypted password to users adds extra vulnerabilities, a user
might have the same password on other systems. So if someone can fool
the application to send the old password it's potentially more dangerous
than sending a new random password.

--

Daniel Tryba

Jul 17 '05 #10
