MakeWebGames

RESEND original Password from retrieval rather than getting a pre-defined system password....



Posted

Yes, I know this has been done, where you forget your pass and have to go to a LOST PASSWORD link for an email to be sent just to say that you have to change your password to the one it's given..

This annoyed the hell out of me, and I found sometimes it wasn't 100% workable..

So how about just getting your old password back, which to me sounded better.. and saves a lot of time...

I'll post up the code in a few as I've made some drastic edits.

Posted

Password thing..

How would this work out? Does it also scan your IP and compare both the email and your IP? Because if it just goes by email, then anyone who knows anyone's email could just throw it in there and get the pass. No offence to your mods, they're awesome. Peace.

Posted

How this works at the moment is your password when registering is inputted 3 times: 2 for md5 and one so it's displayed as TEXT for you if you can't remember it. It also includes a secret question that has to be entered as well as your email so the email is sent out to you.

Posted

The point of using hashes is so you don't need the original data. If you're storing both the hash and the plaintext, then there's no point in storing the hash. You are not gaining any security out of it.

Posted

That's correct ZEGGY, one defeats the other, that's why I'm trying to work out a more secure method with the same results.. But also trying to not make it as hard as possible to install and using a caching method

Posted

Does this also compare if the user's IP is the same as the account's IP where the email is? Cuz if not, couldn't a random user just insert someone's email in there and grab the pass? Even if it's hashed?

Posted

It is not a good idea to store any passwords as plain text, period.

Your own encryption/decryption method is better but still not that great of an idea. If a hacker gets into your server/control panel, he can read the source code and copy the decryption method.

IMO, 1 way hashing is the best way to go.

For even stronger security, I would suggest using something unique yet reproducible as the Salt for the hash. As an example you could take the login name (since this doesn't change), concatenate the password to it and concatenate a long string of characters (same for everyone). This salt would produce a hash that even if two users have the same password, they would have different hashes.

Posted

It is not a good idea to store any passwords as plain text, period.

Your own encryption/decryption method is better but still not that great of an idea. If a hacker gets into your server/control panel, he can read the source code and copy the decryption method.

IMO, 1 way hashing is the best way to go.

For even stronger security, I would suggest using something unique yet reproducible as the Salt for the hash. As an example you could take the login name (since this doesn't change), concatenate the password to it and concatenate a long string of characters (same for everyone). This salt would produce a hash that even if two users have the same password, they would have different hashes.

This is how it is done in my game. sha512 hash with a salt produced from the username and password. To reset a password they need to know a secret word set when they registered. If they cannot remember that then they will have to contact me to get the account verified.
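
An added example, not part of any post in this thread: a PHP reset flow that never stores or mails the original password. It uses `password_hash()`, which generates a random salt per password, and a single-use, expiring reset token of which only a hash is kept. The in-memory `$users` array, the function names, the sample accounts and the 30-minute lifetime are assumptions for illustration.

```php
<?php
// Added example: an in-memory array stands in for the users table (assumption).
$users = [];

function register(array &$users, string $email, string $password): void {
    // password_hash() picks a random salt and embeds it in its output,
    // so two users with the same password still get different hashes.
    $users[$email] = [
        'pw_hash'       => password_hash($password, PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => 0,
    ];
}

function request_reset(array &$users, string $email): ?string {
    if (!isset($users[$email])) {
        return null; // caller shows the same message whether or not the account exists
    }
    $token = bin2hex(random_bytes(32));                     // 256-bit one-time token
    $users[$email]['reset_hash']    = hash('sha256', $token); // keep only the token's hash
    $users[$email]['reset_expires'] = time() + 1800;          // 30 minutes (assumed)
    return $token; // sent to the account's address inside the reset link
}

function complete_reset(array &$users, string $email, string $token, string $newPassword): bool {
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || time() > $u['reset_expires']) {
        return false; // unknown account, no pending reset, or token expired
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false; // constant-time comparison failed
    }
    $users[$email]['pw_hash']    = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null; // token is single use
    return true;
}

// Constructed sample data.
register($users, 'alice@example.com', 'hunter2');
register($users, 'bob@example.com', 'hunter2');
// Same password, compared across two accounts.
var_dump($users['alice@example.com']['pw_hash'] === $users['bob@example.com']['pw_hash']);

$token = request_reset($users, 'alice@example.com');
var_dump(complete_reset($users, 'alice@example.com', 'wrong-token', 'n3w-pass'));
var_dump(complete_reset($users, 'alice@example.com', $token, 'n3w-pass'));
var_dump(complete_reset($users, 'alice@example.com', $token, 'again')); // token reuse
var_dump(password_verify('n3w-pass', $users['alice@example.com']['pw_hash']));
```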

Posted

I'm kinda a noob lol but umm.. Is it possible to use md5 and sha1 together? Like two encryption methods combined to make it really hard to find out?

Posted

I'm kinda a noob lol but umm.. Is it possible to use md5 and sha1 together? Like two encryption methods combined to make it really hard to find out?

Yep, it is. md5 and sha1 are both functions that return strings... meaning that you can pass the result into the functions again, however many times you want, in whatever combinations you want.

Posted

The other route I'm looking at, at the moment, is the same method but the password is sent immediately to emails so the text version doesn't need to be stored on the database. I'm also looking at other options.

Posted

Yea the best method would be to send to emails but there's only 2 problems. 1. You'd have to create a mail function that goes faster as the regular one takes at least 3 mins to receive. 2. What if someone hacks their email (user's fault)?

Posted

Yea the best method would be to send to emails but there's only 2 problems. 1. You'd have to create a mail function that goes faster as the regular one takes at least 3 mins to receive. 2. What if someone hacks their email (user's fault)?

lol. The mail function doesn't take 3 mins, that's an issue with your hosting. I use that function and it sends and receives instantly
