Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/O Code)
 decrypt passwords (forget password function)
 New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

pricenetwork.ca
Starting Member

Canada
15 Posts

Posted - 09 August 2003 :  04:31:48  Show Profile  Visit pricenetwork.ca's Homepage
When members forget their passwords, how do I send them their old passwords via email without reseting their passwords.


I believe the passwords are encrypted in SHA256... How do I decrypt it into plain ol' text?


Thanks.


--------------
Canada's Price Comparison and Hot Deals site for Computers and Electronics
http://www.pricenetwork.ca

laser
Advanced Member

Australia
3859 Posts

Posted - 09 August 2003 :  04:33:44  Show Profile
You don't, they click on the "Forgot password?" link and go from there. There is nothing you can do to tell them their old password.
Go to Top of Page

pricenetwork.ca
Starting Member

Canada
15 Posts

Posted - 09 August 2003 :  04:37:04  Show Profile  Visit pricenetwork.ca's Homepage
so there is no way to decrypt it... oh boy...

They just have to reset it then? errr...

--------------
Canada's Price Comparison and Hot Deals site for Computers and Electronics
http://www.pricenetwork.ca
Go to Top of Page

laser
Advanced Member

Australia
3859 Posts

Posted - 09 August 2003 :  04:53:25  Show Profile
Yep, one-way encryption, no way to decrypt it.
Go to Top of Page

jimlord
New Member

USA
57 Posts

Posted - 02 December 2003 :  22:35:06  Show Profile
Oy. I'm not an ecryption type of guy, so... is there any way to fix this so that we could decrypt if for this purpose? I get so many messages about people forgetting their passwords and even usernames. I'd love to just let them put in their email address, then email them their username/pass.

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49416&SearchTerms=lost,password

"That button did what?"
Go to Top of Page

AWD_ENVY
Junior Member

103 Posts

Posted - 02 December 2003 :  22:51:47  Show Profile
quote:
Originally posted by jimlord

Oy. I'm not an ecryption type of guy, so... is there any way to fix this so that we could decrypt if for this purpose? I get so many messages about people forgetting their passwords and even usernames. I'd love to just let them put in their email address, then email them their username/pass.

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49416&SearchTerms=lost,password



There is NO WAY fesible to decrypt MD5 encryption. Thats the reason it's so popular(used in Goverment, CISCO routers....etc). It's a one-way encryption.

The way it works:
Encrypted password is stored in database.
When user enters password to login, the enterd text is encrypted to MD5 and then check if the value matches the one in the database.

Understand how it works now ?
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 02 December 2003 :  22:55:12  Show Profile  Visit dayve's Homepage
quote:
Originally posted by jimlord

Oy. I'm not an ecryption type of guy, so... is there any way to fix this so that we could decrypt if for this purpose? I get so many messages about people forgetting their passwords and even usernames. I'd love to just let them put in their email address, then email them their username/pass.

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49416&SearchTerms=lost,password



encryption is the responsible thing to do and I can't imagine that you are having that man people forget their passwords. if they are, then you probably don't really want them as members anyway. I know that sounds mean, but you are making it sound like this is a disaster when quite honestly it is not.


Edited by - dayve on 02 December 2003 22:56:16
Go to Top of Page

danQuirk
Starting Member

USA
2 Posts

Posted - 18 December 2003 :  18:19:23  Show Profile
The nature of my forum is such that users may visit it only once a year.

I understand that passwords are encrypted, but like other admins, I am constantly getting e-mails from users who can not remember their username. (Sometimes they remember the password).

Is there:

a. a way that a user can simply enter in there e-mail and get there username and password e-mailed to that address --assuming it is already registered.

B. or A way to find a username if you know their e-mail adress --so at least I could send them their username so they could retrieve their own password. Currently, If the person tells me the approximate date of their registration I can look up information by hand, but it is time consuming.

Go to Top of Page

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 18 December 2003 :  18:34:32  Show Profile
B would be possible, but A is not, as there is no way to decrypt the password to send it via email. It would be possible to just modify the forgot password page so that the user has the option of putting in their username or email address and then the email to reset the password is sent out.

Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~
Go to Top of Page

danQuirk
Starting Member

USA
2 Posts

Posted - 19 December 2003 :  10:59:19  Show Profile
Thanks.

I really am not trying to decrypt the password --I'm just trying to help users find their username --but I see how they are related. However, it seems strange to think users may forget their password, but always remember their user name.

In any future upgrades I would love to see a feature added that allowed me (as the admin) to view the admin e-mail list in alphabetical order -- that way... I could, at the very least, easily locate a username for a given e-mail address.
Go to Top of Page

Nikkol
Forum Moderator

USA
6907 Posts

Posted - 19 December 2003 :  13:50:51  Show Profile
There might be a MOD for that. Have you looked at www.snitzbitz.com or searched the MOD forums here?

Nikkol ~ Help Us Help You | ReadMe | 3.4.03 fixes | security fixes ~
Go to Top of Page

easymark
Starting Member

28 Posts

Posted - 19 December 2003 :  15:24:25  Show Profile
Open up admin_emaillist.asp and find this around line 67 :


strSql4 = " ORDER BY MEMBER_ID ASC "

And change it to this :

strSql4 = " ORDER BY M_EMAIL ASC "



Edited by - easymark on 19 December 2003 15:25:27
Go to Top of Page

RebelTech
Average Member

USA
613 Posts

Posted - 19 December 2003 :  15:46:16  Show Profile  Visit RebelTech's Homepage  Send RebelTech an ICQ Message
quote:
Originally posted by danQuirk

Thanks.

I really am not trying to decrypt the password --I'm just trying to help users find their username --but I see how they are related. However, it seems strange to think users may forget their password, but always remember their user name.

In any future upgrades I would love to see a feature added that allowed me (as the admin) to view the admin e-mail list in alphabetical order -- that way... I could, at the very least, easily locate a username for a given e-mail address.



Look at this thread:
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=49944

This will do what your wanting to do (emails) and probably a little more in the near future.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.26 seconds. Powered By: Snitz Forums 2000 Version 3.4.07