Markus  6,050
Recognized Expert Expert
Another day, another question. :)
I'm now onto building a login for my current project - image host.
User submits password > password is encoded
Like so: -
('$username', PASSWORD('$password'), '$dispName', '$email')";
-
Now say, if i were to email them their password, (they've forgotten it?), it would send the encoded password and not the one they input! And i'm unsure of how to Decode it.
This is just soemthing i was using to see how i could decode it, this isnt the actual way i will go about it ;)
Obviously it doesn't work.. -
$query = "SELECT `ziprar_loginPass` FROM `ziprar_users` WHERE `ziprar_loginName` = 'markusn00b'";
-
$res = mysql_query($query);
-
while($row = mysql_fetch_array($res)){
-
echo $row['PASSWORD(ziprar_loginPass)'];
-
}
-
Any ideas?
Thanks :)
5 11288  Atli 5,058
Recognized Expert Expert
Hi Markus.
You should never have to decode a password in your database. If a user forgets his/her password, you should rather generate a random password for them and send that to them via email, so they can log in and change it.
Nobody, including you, should be able to decode your user's passwords from the database. That is information only your users should be able to know. That is why we use hashing algorithms, because they can not be reversed (without major hacking) which makes them much harder to break than algorithms that can be reversed.
Markus 6,050
Recognized Expert Expert
Hi Markus.
You should never have to decode a password in your database. If a user forgets his/her password, you should rather generate a random password for them and send that to them via email, so they can log in and change it.
Nobody, including you, should be able to decode your user's passwords from the database. That is information only your users should be able to know. That is why we use hashing algorithms, because they can not be reversed (without major hacking) which makes them much harder to break than algorithms that can be reversed.
Hmm... but then surely i'd have to update the password on their request without clarifying that they are indeed the actual user of that email address...
If you understand me?
Oh wait, no i see!
I'd just send an email to have the user confirm that they did request their password to be reset!
Thanks!
Atli 5,058
Recognized Expert Expert
This is true. But you could, for example, send them a link to a 'change password' page on which, the newly generated password would work, while the old one would still be valid using the normal login procedures.
That way, even if some prankster is going around reporting missing passwords for users he doesn't own, nobody is required to change their password, they only get an email saying that somebody reported that they had forgotten their password, which they could ignore.
And if you are getting frequent false reports of lost passwords, record the IP address of the people sending the reports and block them.
Markus 6,050
Recognized Expert Expert Atli 5,058
Recognized Expert Expert Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Jordy |
last post by:
Environment:
Sun servers running solaris 2.8
Php 4.3.6
Apache 1.3.29
Mysql 4.1.1
phpMyAdmin 2.6.0-alpha1
phpAds 2.0
PhpMyadmin and phpAds don't succeed to connect the MySql database when
|
by: Matthias Stern |
last post by:
Hello!
I've got a Javascript-PHP encoding problem.
(1) Here is the short version:
==============================
I'm sending a form textfield via Javascript(!) as URL parameter (GET)
from one php-page to another and want to send all possible special
|
by: ruud |
last post by:
I just installed MySQL server 3.23.58-1. Now I can't find the password en
can's change the settings. Who knows this password?
|
by: Adam Smith |
last post by:
I have a new DB provided by my ISP don't know details of installation,
setup etc.
I can log in as anybody except root.
mysql -h localhost -u mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 71 to server version: 4.0.16-log
mysql -h localhost -u xxxxx
|
by: Peter Row |
last post by:
Hi all,
Here is my problem:
I have a SQL Server 2000 DB with various NVarChar, NText fields in its
tables.
For some stupid reason the data was inserted into these fields in UTF8
encoding.
However when you retrieve these values into a dataset and ToString() them
| | |
by: chuy |
last post by:
Is there a way to recover a lost password in Mysql 4.1. I have seen many
articles and howto's on how to kill the Mysql process and then restart using
skip grant tables option. I am not trying to reset the password but rather
recover it. Resetting the password to something else would cause a problem
some of the underlying programs that rely on MySQL. I don't feel like
changing code for every application that is using MySQL in my site.
...
|
by: MLH |
last post by:
I'm supposed to set a password for the MySQL root user. The output of
mysql_install_db instructed me to run the following commands...
/usr/bin/mysqladmin -u root -h appserver password mynwewpasswd
I did. It did not work. Here's the error:
/usr/bin/mysqladmin: connect to server at 'appserver' failed
error: 'Host 'appserver.crci.com' is not allowed to connect to this
MySQL server'
Another command I'm supposed to run also resulted in an...
|
by: Johann Blake |
last post by:
In my need to decode a JPEG 2000 file, I discovered like many that
there was no functionality for this in the .NET Framework. Instead of
forking out a pile of cash to do this, I came up with the idea that
costs nothing and it is inheritently built into the Framework. So here
is the solution...
When you use the WebRequest and WebResponse classes to obtain graphics
from a web site, these classes have built-in decoding for JPEG 2000
files....
|
by: Markus |
last post by:
Another day, another question. :)
I'm now onto building a login for my current project - image host.
User submits password > password is encoded
Like so:
('$username', PASSWORD('$password'), '$dispName', '$email')";
Now say, if i were to email them their password, (they've forgotten it?), it would send the encoded password and not the one they input! And i'm unsure of how to Decode it.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
