How to get actual password through forgot password mail in php?

Issue

My code is working fine but the actual problem is that the password retrieved from MySQL database after clicking submit button is same as stored in database in MD5 format like e10adc3949ba59abbe56e057f20f883e and well delivered to user’s inbox. But is it useless because of hash format.

Here is my working code; can I decrypt it before sending it back to users? I store password in MD5 format in MySQL database. I got email like “Your password : e10adc3949ba59abbe56e057f20f883e”

Html Code :

 <body>
 <h1>Forgot Password<h1>
 <form action='#' method='post'>
 <table cellspacing='5' align='center'>
 <tr><td>Email id:</td><td><input type='text' name='email'/></td></tr>
 <tr><td></td><td><input type='submit' name='submit' value='Submit'/></td></tr>
 </table>
 </form>

Php code :

 <?php
 if(isset($_POST['submit']))
 { 
  $servername = "localhost";
  $username = "username";
  $password = "password";
  $dbname = "testdb";

  // Create connection
  $conn = mysqli_connect($servername, $username, $password, $dbname);
 // Check connection
 if (!$conn) 
 {
  die("Connection failed: " . mysqli_connect_error());
 }

 $email=$_POST['email'];

 $sql = "select * from users where email='".$email."' ";
 $q = mysqli_query($conn, $sql);

 $p=mysqli_affected_rows();
 if($p!=0) 
 {
  $res=mysqli_fetch_array($q);
  $to=$res['email'];
  $subject='Remind password';
  $message='Your password : '.$res['password']; 
  $headers='From:[email protected]';
  $m=mail($to,$subject,$message,$headers);
  if($m)
 {
   echo'Check your inbox in email';
 }
 else
 {
  echo'email is not send';
 }
}
 else
 {
   echo'You entered email id is not present';
 }
 }
 ?>
 </body>

Solution

You can not decrypt a hashed password. The process you can follow is:

  • Send an email to the user with a link
  • Open that link with a new form after checking if the customer is using the verfiied using email id and token.
  • Give 2 textboxes to update his password/ set a new password.

Hope this helps!

Answered By – Harwinder Singh

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published