Yeah, so I guess following on from then. MD5() cannot be "reset". Even if you could it would have the same output, because it is the same function for everyone. Why do you want to "reset" it anyway?
Yes. The password is stored in MD5 format in the database. When a user wants to reset his password, it will be reset and sent to the user's email, and the new reset MD5 format will also be updated in the database.
Your user table should contain the user information, but at least the following info:
id
username
password
verification
emailAddress
The password will always be MD5() encrypted. When the user requests a lost password or password reset, here are the steps that need to happen.
At the sign-in page, they must enter a username. If that username exists, the system should create a random string (at least 20 characters long, and it must be unique, meaning no other user may have this string).
The system will create and send an email to the user's email address. The email will contain a link to a PHP page with the random verification string you just created in the URL (as GET[]).
The PHP page takes that random string and finds that record in the DB.
At this point we are sure that the user who clicked on this link is the user who owns this account (since he obviously can get into his email).
At this point, offer the password fields, store this new password, and ERASE the verification string.
The user's password is now reset.
Other Method:
Instead of sending the verification string in an email, just make up a random string and set it as the password. Then email him and tell him this is his new password.
He can then log in using that password, and change it (assuming you have a password reset page) once logged in.
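The verification-string flow described in the answer above, as an added example that is not code from any poster in this thread. It keeps the post's column names but uses `password_hash()` rather than MD5() for the stored password and stores only a SHA-256 of the emailed string with a one-hour expiry. Those choices, the `expires` column, the in-memory SQLite database, the sample user and the `reset.php` page name are assumptions of this example.

```php
<?php
// Added example. Column names follow the post; the in-memory database, the
// sample user and the expires column are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, verification TEXT UNIQUE, expires INTEGER, emailAddress TEXT)');
$db->prepare('INSERT INTO users (username, password, emailAddress) VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('old-password', PASSWORD_DEFAULT), 'alice@example.test']);

// Create the random string for an existing username and return it for the email link.
function startReset(PDO $db, string $username): ?string {
    $token = bin2hex(random_bytes(32));   // 64 hex characters from the CSPRNG
    $stmt = $db->prepare('UPDATE users SET verification = ?, expires = ? WHERE username = ?');
    // Only a hash of the string is stored, so a leaked table does not yield usable links.
    $stmt->execute([hash('sha256', $token), time() + 3600, $username]);
    // null means the username does not exist; the page should answer the same either way.
    return $stmt->rowCount() === 1 ? $token : null;
}

// Find the record by the string from the link, store the new password, erase the string.
function finishReset(PDO $db, string $token, string $newPassword): bool {
    $stmt = $db->prepare('UPDATE users SET password = ?, verification = NULL, expires = NULL
                          WHERE verification = ? AND expires > ?');
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT),
                    hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;       // false: wrong, expired or already used string
}

$token = startReset($db, 'alice');
// The link that would go into the email (reset.php is a hypothetical page name).
echo "https://example.test/reset.php?token=$token\n";
var_dump(finishReset($db, $token, 'new-password'));    // first use of the link
var_dump(finishReset($db, $token, 'other-password'));  // replay after the string was erased
var_dump(startReset($db, 'nobody'));                   // username that does not exist
```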