how admin to change the password when we are using md5 hash

Post Reply
User avatar
viddz
Sergeant Major
Sergeant Major
Posts: 45
Joined: Fri Aug 26, 2011 6:06 am
Location: Colombo

how admin to change the password when we are using md5 hash

Post by viddz » Wed May 02, 2012 2:55 am

Iam using md5 hash to encrypt passwords. i dont have idea about how to give admin privileges to change users passwords? any ideas?? Do i have to remove md5 hash and store passwords normally?
User avatar
Saman
Lieutenant Colonel
Lieutenant Colonel
Posts: 828
Joined: Fri Jul 31, 2009 10:32 pm
Location: Mount Lavinia

Re: how admin to change the password when we are using md5 hash

Post by Saman » Wed May 02, 2012 8:48 am

Do i have to remove md5 hash and store passwords normally?
No..you don't have to. Think about the following steps.
  1. First you ask the user to login. He enters username and password.
  2. Then you authenticate the user. How do you do that?
    1. You call the database to get the password hash for given username. Say it is H1
    2. Then you apply the same hash algo to user's password entry to get H2
    3. If H1 and H2 are equal then user login information are correct.
    4. Maintain login status using a session key
  3. Now get the user to password change screen.
  4. Ask to enter new password with another confirm password box.
  5. Convert the entered password in to hash and update database.
User avatar
viddz
Sergeant Major
Sergeant Major
Posts: 45
Joined: Fri Aug 26, 2011 6:06 am
Location: Colombo

Re: how admin to change the password when we are using md5 hash

Post by viddz » Wed May 02, 2012 11:56 pm

@ saman thanks for ur kind reply.
But thats not my problem u have get it wrong. May be due to my bad language skills.

<<This is wat i wannt to do>>>
Way to change the passwords of users by the admin. Not by them selves(users). Admins dont know users passwords. They can only take the hash values. do they have to delete old password and store new 1???? or anyother way ??
User avatar
Saman
Lieutenant Colonel
Lieutenant Colonel
Posts: 828
Joined: Fri Jul 31, 2009 10:32 pm
Location: Mount Lavinia

Re: how admin to change the password when we are using md5 hash

Post by Saman » Thu May 03, 2012 12:29 am

do they have to delete old password and store new 1???? or anyother way ??
Ok..got it. So exactly as you said, admin should delete the old password and then generate the hash for the new password and update the database. There is no way to get the raw text from a one way hash code such as MD5. However if you use an encryption mechanism, you can decrypt it to get the raw password.

Hash definition is something like:
H(t) = hc
H - hash function
t - your text
hc - generated hash code

It is very hard to evaluate a function T such that T(hc) = t. So this is considered impossible in computing world.

Encryption definition:
E(t) = et
D(et) = t
E - encryption function
D - Decryption function
t - text
et - encrypted text
User avatar
viddz
Sergeant Major
Sergeant Major
Posts: 45
Joined: Fri Aug 26, 2011 6:06 am
Location: Colombo

Re: how admin to change the password when we are using md5 hash

Post by viddz » Fri May 04, 2012 2:01 am

elaz. Thanq :D :D :D
Post Reply

Return to “PHP & MySQL”