Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers Send password md5 from database table to a email message
Send password md5 from database table to a email message
  • El Forum
    Guest
  •  
#1
05-10-2011, 01:06 PM

[eluser]Leonel Folmer[/eluser]
I need some help to send password md5 from database in a e-mail message function, Im dont know how to solve this, any help will be appreciated.

Code:
function send(){    
    $query = $this->db->get('admin');
            
    $this->load->library('email');    
    foreach ($query->result() as $row)
    {    
    $this->email->from('[email protected]', 'Your password');
    $this->email->to($row->email);
    $this->email->subject('Your password');
    $this->email->message($row->pasword); //here is the problem
    $this->email->send();    
    }  
}
  • El Forum
    Guest
  •  
#2
05-10-2011, 01:17 PM

[eluser]danmontgomery[/eluser]
MD5 is a one-way hash, you're not going to be able to return it to plain text... This is the entire concept of MD5 (one way hashing in general)

Your options are to store the password with a two-way hash that can be encrypted and decrypted as needed (ill advised), or generate a new password for the user.
  • El Forum
    Guest
  •  
#3
05-10-2011, 03:36 PM

[eluser]cideveloper[/eluser]
Standard practice nowadays is to have a reset password mechanism, not send forgotten password. Send them a link in the email that they have to click on and then either send them a new password like noctrum said or just have them enter a new password on that page and then log them in. On thing you should try to incorporate that a lot of people use is security questions. That way when they click on the link in the email they still have to answer a security question. This avoids the problem of someone hijacking an email address.

So many security issues to deal with all the time...uggh so tired.
  • El Forum
    Guest
  •  
#4
05-10-2011, 07:25 PM

[eluser]cryogenix[/eluser]
yes md5 is only 1 way. but in case you really want to send them the password and not the "reset" way, you have 2 options with CI,

first is to use the encryption class:

Code:
$this->load->library('encrypt');
$hashed_password = $this->encrypt->encode($raw_password, 'y0ur3ncryp+!0nk3y');

you can then save that on a 32 bit varchar field in your db. and after which, you can retrieve the values like this:

Code:
$unhashed_pssword = $this->encrypt->decode($hashed_password, 'y0ur3ncryp+!0nk3y');

*take note that your encryption key can also be set on a config file and for more info, please consult: http://ellislab.com/codeigniter/user-gui...ption.html

second option is to use AES encryption directly on your models. you can do it like this:

Code:
$this->db->query("INSERT INTO `table` (`password`) VALUES (AES_ENCRYPT('" . $this->input->post('raw_password') . "', '" . $this->config->item('aes_key') . "'))");

*save that into a 128 bit varchar field in your db. i'm not sure how you can really translate it btw using simple active record so i made it into a raw sql query

you can then select it later for retrieval using AES_DECRYPT(`password`, 'your aes key')

~ there you have it. i just hope you take the proper security measures in mind
  • El Forum
    Guest
  •  
#5
05-10-2011, 08:03 PM

[eluser]Leonel Folmer[/eluser]
Got it, thank you all for the explanations, any way, is only a small news system and a option to the administrator recover the password in case he lost.




Theme © iAndrew 2016 - Forum software by © MyBB