Author |
Topic |
|
pricenetwork.ca
Starting Member
Canada
15 Posts |
Posted - 09 August 2003 : 04:31:48
|
When members forget their passwords, how do I send them their old passwords via email without reseting their passwords.
I believe the passwords are encrypted in SHA256... How do I decrypt it into plain ol' text?
Thanks.
|
-------------- Canada's Price Comparison and Hot Deals site for Computers and Electronics http://www.pricenetwork.ca |
|
laser
Advanced Member
Australia
3859 Posts |
Posted - 09 August 2003 : 04:33:44
|
You don't, they click on the "Forgot password?" link and go from there. There is nothing you can do to tell them their old password. |
|
|
pricenetwork.ca
Starting Member
Canada
15 Posts |
Posted - 09 August 2003 : 04:37:04
|
so there is no way to decrypt it... oh boy...
They just have to reset it then? errr... |
-------------- Canada's Price Comparison and Hot Deals site for Computers and Electronics http://www.pricenetwork.ca |
|
|
laser
Advanced Member
Australia
3859 Posts |
Posted - 09 August 2003 : 04:53:25
|
Yep, one-way encryption, no way to decrypt it. |
|
|
jimlord
New Member
USA
57 Posts |
Posted - 02 December 2003 : 22:35:06
|
Oy. I'm not an ecryption type of guy, so... is there any way to fix this so that we could decrypt if for this purpose? I get so many messages about people forgetting their passwords and even usernames. I'd love to just let them put in their email address, then email them their username/pass.
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49416&SearchTerms=lost,password |
"That button did what?" |
|
|
AWD_ENVY
Junior Member
103 Posts |
Posted - 02 December 2003 : 22:51:47
|
quote: Originally posted by jimlord
Oy. I'm not an ecryption type of guy, so... is there any way to fix this so that we could decrypt if for this purpose? I get so many messages about people forgetting their passwords and even usernames. I'd love to just let them put in their email address, then email them their username/pass.
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49416&SearchTerms=lost,password
There is NO WAY fesible to decrypt MD5 encryption. Thats the reason it's so popular(used in Goverment, CISCO routers....etc). It's a one-way encryption.
The way it works: Encrypted password is stored in database. When user enters password to login, the enterd text is encrypted to MD5 and then check if the value matches the one in the database.
Understand how it works now ? |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 02 December 2003 : 22:55:12
|
quote: Originally posted by jimlord
Oy. I'm not an ecryption type of guy, so... is there any way to fix this so that we could decrypt if for this purpose? I get so many messages about people forgetting their passwords and even usernames. I'd love to just let them put in their email address, then email them their username/pass.
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49416&SearchTerms=lost,password
encryption is the responsible thing to do and I can't imagine that you are having that man people forget their passwords. if they are, then you probably don't really want them as members anyway. I know that sounds mean, but you are making it sound like this is a disaster when quite honestly it is not.
|
|
Edited by - dayve on 02 December 2003 22:56:16 |
|
|
danQuirk
Starting Member
USA
2 Posts |
Posted - 18 December 2003 : 18:19:23
|
The nature of my forum is such that users may visit it only once a year.
I understand that passwords are encrypted, but like other admins, I am constantly getting e-mails from users who can not remember their username. (Sometimes they remember the password).
Is there:
a. a way that a user can simply enter in there e-mail and get there username and password e-mailed to that address --assuming it is already registered.
B. or A way to find a username if you know their e-mail adress --so at least I could send them their username so they could retrieve their own password. Currently, If the person tells me the approximate date of their registration I can look up information by hand, but it is time consuming.
|
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 18 December 2003 : 18:34:32
|
B would be possible, but A is not, as there is no way to decrypt the password to send it via email. It would be possible to just modify the forgot password page so that the user has the option of putting in their username or email address and then the email to reset the password is sent out. |
Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~ |
|
|
danQuirk
Starting Member
USA
2 Posts |
Posted - 19 December 2003 : 10:59:19
|
Thanks.
I really am not trying to decrypt the password --I'm just trying to help users find their username --but I see how they are related. However, it seems strange to think users may forget their password, but always remember their user name.
In any future upgrades I would love to see a feature added that allowed me (as the admin) to view the admin e-mail list in alphabetical order -- that way... I could, at the very least, easily locate a username for a given e-mail address. |
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
|
easymark
Starting Member
28 Posts |
Posted - 19 December 2003 : 15:24:25
|
Open up admin_emaillist.asp and find this around line 67 :
strSql4 = " ORDER BY MEMBER_ID ASC "
And change it to this :
strSql4 = " ORDER BY M_EMAIL ASC "
|
Edited by - easymark on 19 December 2003 15:25:27 |
|
|
RebelTech
Average Member
USA
613 Posts |
Posted - 19 December 2003 : 15:46:16
|
quote: Originally posted by danQuirk
Thanks.
I really am not trying to decrypt the password --I'm just trying to help users find their username --but I see how they are related. However, it seems strange to think users may forget their password, but always remember their user name.
In any future upgrades I would love to see a feature added that allowed me (as the admin) to view the admin e-mail list in alphabetical order -- that way... I could, at the very least, easily locate a username for a given e-mail address.
Look at this thread: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49944
This will do what your wanting to do (emails) and probably a little more in the near future. |
|
|
|
Topic |
|