944,052 Members | Top Members by Rank

Web Development > PHP > hashing passwords - forgetful users?!
Ad:
  • PHP Discussion Thread
  • Marked Solved
  • Views: 660
  • PHP RSS
Permalink
Oct 23rd, 2009
0

hashing passwords - forgetful users?!

Expand Post »
Hi

So story goes, Ive recently started hashing user passwords to protect access, but have come to a bit of a problem in that if a user forgets their password, Im unable to retrieve it for them, because all I have is the salted-md5 hash?

How has everyone else overcome this problem?

lowrks
Similar Threads
Reputation Points: 15
Solved Threads: 2
Junior Poster
lifeworks is offline Offline
145 posts
since Nov 2007
Permalink
Oct 23rd, 2009
0
Re: hashing passwords - forgetful users?!
its not possible the crack the md5 encrypted string , because its an one sided encryption.
Its been done with the huge database actually. Have a look at this -
http://md5crack.com/crackmd5.php
Last edited by network18; Oct 23rd, 2009 at 3:48 am.
Reputation Points: 29
Solved Threads: 76
Practically a Master Poster
network18 is offline Offline
616 posts
since Sep 2009
Permalink
Oct 23rd, 2009
0
Re: hashing passwords - forgetful users?!
You need to understand that a salted hash is irreversible (without the original text and salt). Thats the point of it.

You either need to generate them a new password and send it to them or give them access to a reset password page on your site.

By the reset password page, I mean you need to send them a link with a unique code only for them. I also set a cookie with another random string and compare the two with the database entry. If they match then they put in their new password.
Reputation Points: 235
Solved Threads: 193
Nearly a Posting Virtuoso
kkeith29 is offline Offline
1,315 posts
since Jun 2007
Permalink
Oct 23rd, 2009
0
Re: hashing passwords - forgetful users?!
cool, i do understand that md5 is irreversible, just wondering what the conventional solution is. Thanks for the help - I think i will go the 'generate them a new password route'.

lworks
Reputation Points: 15
Solved Threads: 2
Junior Poster
lifeworks is offline Offline
145 posts
since Nov 2007
Permalink
Oct 23rd, 2009
0
Re: hashing passwords - forgetful users?!
There isn't an effective way to do this.

The best way would allow the users to reset their password and send them a copy via email.

I was pretty new to php when I made this but you can make your own adjustments.

PHP Syntax (Toggle Plain Text)
  1. <?php
  2. //3 arrays of random numbers and letters
  3. $caps = array("A", "B", "C", "D", "E", "F");
  4. $lcase = array("a", "b", "c", "d", "e", "f");
  5. $num = array("1", "2", "3", "4", "5", "6");
  6.  
  7. //radnomly generate a password using caps, lcase & num
  8. $char1 = $caps[round(rand(-0.4, 5.4))];
  9. $char2 = $lcase[round(rand(-0.4, 5.4))];
  10. $char3 = $num[(round(rand(-0.4, 5.4)))];
  11. $char4 = $caps[round(rand(-0.4, 5.4))];
  12. $char5 = $num[(round(rand(-0.4, 5.4)))];
  13. $char6 = $lcase[round(rand(-0.4, 5.4))];
  14. $char7 = $caps[round(rand(-0.4, 5.4))];
  15. $char8 = $num[round(rand(-0.4, 5.4))];
  16.  
  17. $newpassword = $char1.$char2.$char3.$char4.$char5.$char6.$char7.$char8;
  18.  
  19. //this is just to make md5 more secure, you may want to remove this if you dont add anything to your passwords. 			
  20. $randomword = "salt";
  21. $safepword = md5($newpassword.$randomword);

email them with $newpassword & add safepword to your Database.
Last edited by liamfriel; Oct 23rd, 2009 at 9:46 am.
Reputation Points: 13
Solved Threads: 13
Junior Poster
liamfriel is offline Offline
101 posts
since Oct 2009

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: PHP Banner Rotation
Next Thread in PHP Forum Timeline: How to reference one function from another from within a class in php


Tags
crack, md5, passwords



About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC