
I have an MD5-encrypted password; how do I give the password to the user when he uses "Forgot password"?

I have a database entry for the password in MD5 format, but when a user uses "Forgot password", how can I give him/her the desired password?

OM The Eternity asked Dec 13 '10 11:12



3 Answers

You can't do that from an MD5 hash; nor should you be able to. Password recovery ought to be intractable.

The usual process is to send a password-reset token (URL) to their email address so that the user can choose a new password.

Marcelo Cantos answered Oct 16 '22 20:10
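The reset-token process described in the answer above, as an added example that is not code from the original answer. The in-memory dicts stand in for database tables, and the function names, the one-hour lifetime and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600          # assumed lifetime of a reset link, in seconds
PBKDF2_ROUNDS = 600_000   # assumed work factor for the new password hash
users = {"alice@example.com": {"pw": None}}   # constructed sample account
reset_tokens = {}         # stand-in for a DB table: token digest -> (email, expiry)

def digest(token):
    # Only this digest is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def hash_password(password, salt=None):
    # Salted, slow hash for the password the user chooses (replaces bare MD5).
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def verify_password(password, stored):
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)

def request_reset(email, now=None):
    """Return the token to e-mail as part of the reset URL, or None."""
    if email not in users:
        return None       # the caller shows the same message either way
    now = time.time() if now is None else now
    for old in [d for d, (e, _) in reset_tokens.items() if e == email]:
        del reset_tokens[old]             # a new request invalidates older links
    token = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
    reset_tokens[digest(token)] = (email, now + TOKEN_TTL)
    return token

def redeem_reset(token, new_password, now=None):
    """Set the user's chosen password if the token is valid, unexpired, unused."""
    now = time.time() if now is None else now
    entry = reset_tokens.pop(digest(token), None)   # pop makes it single use
    if entry is None or now > entry[1]:
        return False
    users[entry[0]]["pw"] = hash_password(new_password)
    return True
```
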


You can't - MD5 is simply a "one way" hash - not a means of encrypting data that can subsequently be decrypted.

As such, the general idea is to:

  1. Send the user an email to their registered address with a reset link in it. (To prove they actually own the address.) The reset link should contain a hash based on some aspect of their specific user data so it can't be easily guessed, etc. (e.g.: Account creation time.)

  2. When the user clicks the link they land on a password reset page that checks the above hash, generates a new password (ideally a mix of upper/lower and some numeric characters, although I always tend to omit characters such as '0', 'o', 'O', etc. for the sake of clarity) and then sends the user the new password in an email, advising them that they should change this password as soon as possible.

The user can then log in and access the site as per usual.

John Parker answered Oct 16 '22 22:10


You can't do it without putting the password in the database, which is undesirable, but you can generate him/her a new password and send it to them. Or a link where they can reset their password.

terminus answered Oct 16 '22 21:10