How to decrypt Password which is encrypted by SHA($Password) technique.

Question

ankit.pandey3 -8 Junior Poster in Training

13 Years Ago

<?php    
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
    if(empty($LoginId)){echo 'Please enter Login Id';}
    elseif(empty($Password1)){echo 'Please enter Password';}
    elseif(empty($Password2)){echo 'Please confirm Password';}
    elseif($Password1!==$Password2){echo 'Password didn\'t match';}
        elseif(empty($Name)){echo 'Please enter Name';}
        elseif(empty($Age)){echo 'Please enter Age';}
        elseif(!isset($_POST['Sex'])){}
        elseif(empty($Qualification)){echo 'Please enter Qualification';}
        elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
        elseif(empty($Email)){echo 'Please enter Email';}
        elseif(empty($Address)){echo 'Please enter Address';}
        elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
        elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
        elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
        else
        {
        require_once('database.php');
        $query="select * from registration where LoginId='$LoginId'";
        $result=mysqli_query($dbc,$query);
        if(mysqli_num_rows($result)==0) 
        {           
        $checkbox=$_POST['checkbox'];
        $countCheck=count($_POST['checkbox']);
        $reg_id=' ';
        for($i=0;$i<$countCheck;$i++)
        {
        $reg_id=$reg_id.$checkbox[$i].',';
        $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
        $result=mysqli_query($dbc,$query) or die("Not Connected");
        }
        $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
        $result=mysqli_query($dbc,$query) or die("Not Connect");

        echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
        $from= 'Elite Brigade';
        $to='ankitp@rsquareonline.com';
        $subject='New User Registration';
        $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
        mail($to,$subject,$message,'From:'.$from);
        //header('Location: index.php');
        //  header('Location: Registration.php');
        }
        else
        {
        echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
        }}  
}       
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
 kc = e.keyCode?e.keyCode:e.which;
 sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
 if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
 else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>

      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }



   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>


<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>

Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

php

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

6 Contributors
9 Replies
2K Views
5 Days Discussion Span
Latest Post 13 Years Ago Latest Post by cereal

dos_killer 5 Junior Poster in Training

13 Years Ago

not reversible...
you could allow the user to change the password though on forget password !

chrishea 182 Nearly a Posting Virtuoso

13 Years Ago

Your code didn't display properly because you used (php) not (code=php).

Most of the encryption methods used for passwords are not reversible because it makes them more secure. Even with access to the database, you can't determine what the actual password is (except maybe by brute force). The normal approach for a lost password is for you to replace the lost password with a temporary password that you give them (and force them to change on the first login) or, allow them to create a new password to replace the one that was lost.

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

cereal 1,524 Nearly a Senior Poster

13 Years Ago

I suggest you to read this:

http://codahale.com/how-to-safely-store-a-password/

bye :)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

R0bb0b 344 Posting Shark · Answer 1 · 2010-12-25T06:09:07+00:00

I use aes_encrypt and aes_decrypt for mysql. You just need to figure out a way to securely use a key to encrypt and decrypt with.

ankit.pandey3 -8 Junior Poster in Training · Answer 2 · 2010-12-25T10:30:47+00:00

I use aes_encrypt and aes_decrypt for mysql. You just need to figure out a way to securely use a key to encrypt and decrypt with.

What is this "aes-encrypt".
Plz tell me more about it....

R0bb0b 344 Posting Shark · Answer 3 · 2010-12-26T07:12:41+00:00

aes_encrypt:
http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-encrypt

example:

create table user_info(
user_infopk int primary key auto_increment,
name varchar(100),
email text,
phone text);

#insert a record with phone and email encrypted
insert into user_info(name, email, phone) values(
'jimbo',
aes_encrypt('jimbo@email.com', 'passphrase to use to decrypt up to 128 bits'),
aes_encrypt('999-999-9999', 'passphrase to use to decrypt up to 128 bits'));

#pull the data out decrypted
select name, trim(aes_decrypt(email, 'passphrase to use to decrypt up to 128 bits')) as email, trim(aes_decrypt(phone, 'passphrase to use to decrypt up to 128 bits')) as phone from user_info;

obviously you have to be creative with how you store the pass phrase so that nobody can get ahold of it.

jkon 636 Posting Whiz in Training Featured Poster · Answer 4 · 2010-12-28T05:33:12+00:00

If a user of your web application could retrieve his password over “retrieve password” section he could understand that you save the password directly so if your site been hacked (with recently examples) his password would be almost public.

The best way in my view is in the retrieve password section to let your user enter new password and send him / her confirmation mail for that change (keeping the request in a separate table). Of course password should saved in shadow / hash algorithms and also I believe that the best way is your own “mix” of existence ones.

Be aware that to have maximum efficiency the first shadow pass (the first hash of the password) should be done by JavaScript in the users browser, so that in no case the password be sent throw Internet. (You can complete the hashing in PHP combining knowing algorithms and your own)

R0bb0b 344 Posting Shark · Answer 5 · 2010-12-28T06:40:12+00:00

I agree, you should always use an irreversible method when dealing with passwords.

Be aware that to have maximum efficiency the first shadow pass (the first hash of the password) should be done by JavaScript in the users browser, so that in no case the password be sent throw Internet. (You can complete the hashing in PHP combining knowing algorithms and your own)

if you are that worried about posted passwords, the standard is SSL.

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 6 · 2010-12-28T17:07:06+00:00

In my opinion JS is not a good solution. Sending the password:

mypassword

or the hash (sha1 in this example):

91dfd9ddb4198affc5c194cd8ce6d338fde470e2

it's the same for the attacker, it's always plain text. The attacker can sniff the user submission, catch the hash and send it to gain the access, you don't have the password, ok, but you have the "key".

I agree with R0bb0b, ssl is the right way to manage this problem.