How can I show a password stored in a passwordfield which was encrypted with md5/sha1/… So not the long string with mixed characters by the normal password the user entered.
Hi nonkelmike,
If is truly encrypted with md5, then it is not reversible. md5 is a hash and is a one-way process. You normally hash passwords (to protect them from anyone stealing them, even a system admin), then when someone types in a username / password, you hash the password again, and match the hashed values. md5 will create the same hash for a certain text.
You can look in the generated sec_Login to see how the hashes are compared, etc.
Jamie
ok thx for the explanation.
I asked this question, because i to store the email_password into a field and reverse it when i need it. I dont want to store ‘open’ into the code.
so when sending a mail i would use a global to transfer the pasword [glo_pw_mail] after using a sc_lookup to get it from a table.
How does other people to this?
As said before, md5, sha3 among others, are hash functions, not cyper/encryption functions. Hash functions can not be “unhash”. Yoy must use encryption functions. For example, mysql has aes_encrypt(), des_encrypt() and encrypt(). Encryption are reversible (when in use of the proper credentials)
While MD5 is deeply flawed when it comes to encryption, as been proven years ago; it still is one heck of a job to reverse an MD5 hash. If you want to have encrypted passwords only you as system administrator can reverse; use encryption - not a hashing function like MD5 which never was intended to be reversed from hash back to regular text.
You can write a simple php file wich call the function md5 and a new password string. Then update it with an IDE in the mysql database
you can even use the md5() function embedded in mysql:
update user set pass=md5('$pass') where username='$username';
If you need to store a password in a reverible way then you need to use a crypt method that allows this. I.e. SHA. In PHP you have openssl unit that allows you to do this. If you don’t need such a strong method you could use a simple crypt/decrypt routine you can find on the web.