Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Is it possible to decrypt password using simpleauth?
  • Dear sir,

    I am using simpleauth package to implement login/logout function.

    And then I have to decrypt password and output it on the screen.

    Is it possible to do it?

    Thank you.
  • As I know, it is not possible.
  • Yes, that is what I expect actually.

    Because password decryption is not possible, I have to keep original password in the db.
  • No, passwords are hashed, not encrypted.

    And from a security point of view, it is a very BAD idea to store passwords. Ever. If someone asks you to do that, explain to them it is not an option.

    Instead, add a mechanism to your application with which users can request a new password (a password-lost feature). See https://fuelphp.com/docs/packages/auth/examples/auth.html#/password-recovery for an example of a secure implementation.
  • Hello there, 

    Thank you for your reply.

    Yes, I know that it is very bad thingy to implement. 

    However, the reason why I need to implement this thingy is that I am making integrate login system that enables to login to 5 different systems with different password, but, user id is the same.

    Also, this has to be implemented by one clicking.

    Therefore, I need to decrypt password or store the password in the database, which is bad idea.

    Well....possibly I might think of different idea.

    Then, I know the "a password-lost feature".

    I implemented this feature in the last project.
  • HarroHarro
    Accepted Answer
    If you need to store it. use the Crypt class to encrypt / decrypt it. That at least would require access to both your database data and your code to be able to decrypt it (as the keys are in the crypt config file).

    If you're using Orm, 1.9/dev has the option to automatically encrypt/decrypt column values.
  • Thank you for your suggestion.

    Well....I might have to do it that way.

    Then, I am current using Orm 1.8.*.

    Is Orm 1.9/dev stable?


  • Yes, it is (at the moment).

    You can also manually copy the Observer_Typing class in the Orm package over, that is the only file changed.
  • Okay, I may try that.
    Thank you for your help :)

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion