Kirmani88 Kirmani88 - 1 month ago 18
PHP Question

How to decrypt Hash Password in Laravel

I have google this alot, but unfortunatilty found no working solution.

I know its a bad technique, but I need to send user its password by email.

I have manage to sent user Hash password, but i am unable to decrypt this password.

The following is the procedure i am using.

$results = DB::select("select * from dockl_users where email='" . Input::get('email') ."';");

foreach($results as $data){
$password= $data->password;
$email= $data->email;

}

Mail::send('passwordRecovery', array('email' =>$password), function($message)
{
$message->to(Input::get('email') )->subject('Password Recovery');
});


The above code send
Encrypted
password to the user by email but when i try to decrypt, it gives me following error message.

$decrypt= Crypt::decrypt($data->password);



Invalid data.


throw new DecryptException("Invalid data.");


Kindly guide me how to achieve this..

Answer

Short answer is that you don't 'decrypt' the password (because it's not encrypted - it's hashed).

The long answer is that you shouldn't send the user their password by email, or any other way. If the user has forgotten their password, you should send them a password reset email, and allow them to change their password on your website.

Laravel has most of this functionality built in (see the Laravel documentation - I'm not going to replicate it all here. Also available for versions 4.2 and 5.0 of Laravel).

For further reading, check out this 'blogoverflow' post: Why passwords should be hashed.