Using phpMyAdmin question

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • nomad
    Recognized Expert Contributor
    • Mar 2007
    • 664
    #1

    Using phpMyAdmin question

    Hello Everyone.
    I have a general question to ask.
    When I looking up a table that contains passwords under the browser mode my passwords look like this
    500e670de29bfb9 8b7ef70ca48fdc0 7b

    is there a way so that I can look up what they really are.
    ie should be something like this
    goodphpcoder09x

    thanks
    nomad
    Tags: None
    • gnawz
      New Member
      • Nov 2006
      • 64
      #2
      Check if you set the Md5 function in the database on the password field.

      Alternatively, you could decrypt the password before displaying it.

      something like
      Code:
      <?
$sql = "SELECT user FROM users WHERE Password = PASSWORD ($password)";

or

$sql = "SELECT user FROM users WHERE Password = MD5($password)";
?>
      Hope it helps

        Comment

        • Atli
          Recognized Expert Expert
          • Nov 2006
          • 5062
          #3
          Originally posted by nomad
          is there a way so that I can look up what they really are.
          ie should be something like this
          goodphpcoder09x
          No, there isn't, and there shouldn't be.

          When a password is saved into a database, it is usually *hashed*.
          Hashing is kind of a one-way encryption, meant to make sure that the data can not be decrypted and read.
          This is done so that the passwords can not be read by anybody. Not even the system administrator. It makes sure your user's passwords are safe from everybody, even you.

          That is what you posted, and it can not be reversed.

          Why do you want to read it anyways?
          I have never come across a situation where I needed to see the original password of one of my users.

            Comment

            • Atli
              Recognized Expert Expert
              • Nov 2006
              • 5062
              #4
              Originally posted by gnawz
              Alternatively, you could decrypt the password before displaying it.
              No, you can't.

              Hashes can not be decrypted.
              The PASSWORD and MD5 functions create hashes, they do not decrypt them.

                Comment

                • pbmods
                  Recognized Expert Expert
                  • Apr 2007
                  • 5821
                  #5
                  Heya, nomad.

                  Under what context do you need to access User passwords? There might be an alternative.

                  For example, many websites allow the User to reset his password instead of emailing the password to him. This way, you never need to know what the User's password actually was; you simply need to have an alternate way of authenticating the User (generally by sending a "reset" link to the User's email account on file).

                    Comment

                    • nomad
                      Recognized Expert Contributor
                      • Mar 2007
                      • 664
                      #6
                      Thanks for the input everyone.
                      I was just wondering, I have a phpBB forum in which I was going to add a forum were everyone (member) will be able to submit images to the db and only certain member were be allowed to download the files from the db.

                      nomad

                        Comment

                        Previous template Next
                        Working...