[eluser]KingSkippus[/eluser]
[quote author="ravi_kachh" date="1279723182"]Yes,
This is the main requirement. I need password in the original form so that I can show it to admin while editing users record.
Thanks[/quote]
I'll add to the chorus of others here in reiterating that this is an extremely terribly bad idea. Please, please,
please do not do this, it
will cause you much pain and anguish. I knew a guy once who was a really nice guy all of his life, but when he died, they actually denied him entry into heaven because he did this once when he was a beginner coder.
Standard practice is that if an administrator has to have access to a user's account, they reset the password. This keeps them honest and, as mentioned above, from directly impersonating a user. Yes, the user will realize that something is amiss the next time they log in and their password doesn't work.
That's the point. Also, users cannot just click a "show me my password" button. If they forget it, they have to reset it, or else the site will create a random one for them that they can change at next login.
Frankly, if you have a web site that stores or otherwise conveys passwords in clear text, I'd appreciate you letting me know what it is so that I will diligently avoid it. I don't care if you have the next Google, if you use a security practice that is this hideously bad, I want no part of it.
So with all of that being said, I'm genuinely curious. Why exactly do you have to show the user's password to an administrator while editing the user's record? Whatever it is, I'm sure we can figure out some way around it to accomplish your goals and, most importantly, maintain security.