Removing hashed password - cannot log in
EDIT: Semi-solved. I can now store my insecure passwords in my DB and also log in. Next step is to give it another attempt at creating a secure mechanism for forgotten passwords (along with md5 encryption).
I'm trying to remove the md5 hashing from my passwords, so I can easily send the user his password to his email, in case he forgets it (I tried several solutions to generate a new password using md5 encryption, but I failed. So I want to do it this simple - yet a bit insecure - way).
I have the following code which stores the password in the database in a hashed format. I can also log in with no trouble... however as mentioned, I want to remove the hashing. I removed
$new_password = password_hash($upass, PASSWORD_DEFAULT);
and changed '$new_password' to '$upass'.
When I look at my database, I can see a non-hashed password which is exactly what I want. However, I can no longer log with a nonhashed password. Isn't that strange? What am I possibly doing wrong?
Here's a snippet of my registration code.
include_once 'dbconnect.php';
if(isset($_POST['btn-signup']))
{
$uname = $MySQLi_CON->real_escape_string(trim($_POST['user_name']));
$email = $MySQLi_CON->real_escape_string(trim($_POST['user_email']));
$upass = $MySQLi_CON->real_escape_string(trim($_POST['password']));
$phone = $MySQLi_CON->real_escape_string(trim($_POST['phone']));
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$check_email = $MySQLi_CON->query("SELECT user_email FROM users WHERE user_email='$email'");
$count=$check_email->num_rows;
if($count==0){
$query = "INSERT INTO users(user_name,user_email,user_pass,user_phone) VALUES('$uname','$email','$new_password','$phone')";
if($MySQLi_CON->query($query))
{
$msg = "<div class='alert alert-success'>
<span class='glyphicon glyphicon-info-sign'></span> successfully registered !
</div>";
}
else
{
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> error while registering !
</div>";
}
}
else{
$msg = "<div class='alert alert-danger'>
<span class='glyphicon glyphicon-info-sign'></span> sorry email already taken !
</div>";
}
$MySQLi_CON->close();
}
Solution 1:
Stop.
Do not even think about anything which allows you (as a developer) to somehow get the plain text password of your users.
The solution to the original problem is very easy and does not involve storing your user's passwords in plaintext. If a user forgets his password, you do the following:
- Create a TAN (a long random number) and save it in your DB.
- Send the TAN to your user (integrated in a URL of course).
- When the user clicks the URL, he ends up in your website at your "password reset" feature.
- You ask him for his mail address or user name (whatever you use to identify users) and a new password.
- You look up the TAN, verify that it is the correct mail address or user name and delete it.
- You hash up the new password and store it in your DB.
(Of course, this assumes that the attacker is not able to get the mail; you may think about any number of further measures to make it safer. A popular one are "secrets" like "name of your first pet" etc.; you could send them an SMS, whatever... but that's another story).
At no point whatsoever are you handling plain text passwords, this is a total no-go and very neglient.