Decrypt password PASSWORD_HASH

Viewed 1,428 times

1

Good afternoon! Folks, I need to display to the customer the password he typed and not the 60 encrypted characters. How can I do this procedure? Below is the password recovery code I created. However, it displays only the 60 characters and not the password that was typed by the client.

I am using password_hash, default

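// Read the submitted e-mail address
$email_recuperado = $_POST['email_recuperar'] ?? '';

// Bind the address as a parameter rather than interpolating it into the SQL
$stmt = $verde_conexao->prepare("SELECT * FROM verde_cadastro WHERE email = ?");
$stmt->bind_param('s', $email_recuperado);
$stmt->execute();
$consultaEmail = $stmt->get_result();
$rows = $consultaEmail->num_rows;
$senhaGlobal = $consultaEmail->fetch_assoc();

if ($rows == 1):

    // Prints the stored password_hash() value, not the typed password
    echo $senhaGlobal['senha'];

endif;

$verde_conexao->close();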

Result of $senhaGlobal: $2y$10$s8eqpQimDaz4e.aUkCIaheP5rD0hgULSQBdyk/9pSGQQysOGNkoMW

1 answer

1


According to the documentation of password_hash, in free translation:

password_hash() creates a new password hash using a strong one-way hash algorithm.

Emphasis on one-way. In general, for security reasons, it makes no sense to use password encryption that can be decrypted. If you need to compare passwords, compare using password_verify.

In the case of password recovery, you must provide the user a way to create a new password, not to view their old password.

  • 1

    I understood. Your reply is very explanatory. Thank you.
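
The reset flow the answer recommends, as an added example (not code from the question or the answer): the user receives a single-use token and sets a new password, and the stored hash is only ever checked with password_verify. The $users array, the function names, the sample e-mail address and the 15-minute token lifetime are assumptions made for illustration.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for the
// verde_cadastro table; a real application would use the database.
$users = [
    'cliente@example.com' => [
        'senha'         => password_hash('old-secret', PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => 0,
    ],
];

// Step 1: issue a random single-use token and store only its SHA-256 digest.
function startReset(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null; // caller should show the same message either way
    }
    $token = bin2hex(random_bytes(32));
    $users[$email]['reset_hash']    = hash('sha256', $token);
    $users[$email]['reset_expires'] = time() + 900; // assumed 15-minute lifetime
    return $token; // e-mailed to the user, never stored in clear
}

// Step 2: validate the token, then store a hash of the NEW password.
function finishReset(array &$users, string $email, string $token, string $newPassword): bool
{
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || time() > $u['reset_expires']) {
        return false;
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    $users[$email]['senha']      = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null; // a token works only once
    return true;
}

// Login compares with password_verify(); the stored hash is never reversed.
function login(array $users, string $email, string $password): bool
{
    return isset($users[$email]) && password_verify($password, $users[$email]['senha']);
}

$token = startReset($users, 'cliente@example.com');
var_dump(finishReset($users, 'cliente@example.com', $token, 'new-secret'));
var_dump(login($users, 'cliente@example.com', 'old-secret'));
var_dump(login($users, 'cliente@example.com', 'new-secret'));
var_dump(finishReset($users, 'cliente@example.com', $token, 'again')); // reused token
```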
