Password in E-Mail

Discussion in 'PHP / Perl / Ruby on Rails' started by DesignWizard, Mar 11, 2007.

  1. DesignWizard CSNM Customer

    I have just started using a new script to allow members access to a members only area.

    The script encrypts the password that the user submits when creating an account and whenever it is called within scripts.

    When members first register I want to send them an e-mail confirming their password and username, however when I enter this in the sendmail.php:

    PHP:
    Your login details are:
    Username: $username
    Password: $userpass
    You can login at http://www

    However the e-mail comes back with the password encrypted. It's all in MD5.

    The top half of the sendmail script looks like this:

    PHP:
    if ($username == "" or $userpass == "" or $useremail == "") { $msg3 = true; }
    $email2 = "email@yourdomain.co.uk";
    $email = $useremail;
    $name = $name;
    if (!eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}$", $email)) {
        $msg4 = true; $pass = "no"; }
    if (!isset($useremail))
    $userpass = md5($userpass);
    echo "Error, Please re-send $username";

    I entered the $userpass = md5($userpass); bit to try it out. But it doesn't work.

    Does anyone know of a way I can get the password decrypted to send in the e-mail???

    Thanks


    *moved into php forum - nick
  2. Nick Irvine Secretly the main man

    Hi,

    I don't really understand your code, perhaps you could post the whole thing?

    One way you could get around it, assuming you are storing the details in a mysql database, is to add a field 'unencrypted pass' where the password is stored as entered, use this to call in the email, then delete this field when the email is sent to ensure details are secure.

    I personally use md5 and a random generated salt to encrypt user passwords, making doubly sure.
  3. scambler CSNM Customer

    random generated salt?!?
    I really ought to read more books on web design and PHP :sad:
  4. Nick Irvine Secretly the main man

    Yeh, use this to generate it:

    PHP:
    function generate_salt()
    {
        return random_str(8);
    }

    Then to process the password..

    PHP:
    $md5password = md5($password);

    $salt = generate_salt();
    $saltedpw = salt_password($md5password, $salt);

    Make sure you store the salt and the saltpw in the database, so you can process their login!
  5. DesignWizard CSNM Customer

    so what on earth does salt stand for???
  6. Nick Irvine Secretly the main man

    Er.. pass!

    Not really sure, think it's just like 'salt the password', like adding salt to a recipe you change it completely. That's what I always thought anyway.
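
The per-user salt, stored hash and login check discussed in this thread, as an added example that is not code from any of the posters. It uses PHP's built-in password_hash() and password_verify() in place of md5() and the random_str()/salt_password() helpers, which the thread does not define; the function names register_user and check_login and the in-memory array standing in for the MySQL table are assumptions.

```php
<?php
// Added example. $users stands in for the members table (constructed data);
// register_user() and check_login() are hypothetical names.
$users = [];

// Registration: the plain-text password exists only here, before hashing.
// password_hash() generates a fresh random salt on every call and embeds it,
// with the algorithm and cost, in the returned string, so a separate salt
// column is not needed. The result is one-way: it cannot be decoded later.
function register_user(array &$users, string $username, string $password): void
{
    if ($username === '' || $password === '') {
        throw new InvalidArgumentException('username and password are required');
    }
    if (isset($users[$username])) {
        throw new RuntimeException('username already taken');
    }
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

// Login: password_verify() reads the salt back out of the stored string,
// re-derives the hash from the submitted password and compares the two
// in constant time.
function check_login(array $users, string $username, string $password): bool
{
    // Verify against a dummy hash for unknown usernames, so that a missing
    // account takes about as long to reject as a wrong password.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $known = isset($users[$username]);
    $ok = password_verify($password, $known ? $users[$username] : $dummy);
    return $known && $ok;
}

register_user($users, 'alice', 'correct horse');
register_user($users, 'bob', 'correct horse');

// Same password, different salts: the two stored strings are not equal.
var_dump($users['alice'] !== $users['bob']);
var_dump(check_login($users, 'alice', 'correct horse'));
var_dump(check_login($users, 'alice', 'wrong guess'));
var_dump(check_login($users, 'mallory', 'correct horse'));
```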
