PHP Salt password encryption

Question

My client forgot password to login to the backend of the website that was developed by other developer who refused to help. Therefore, I went to SQL database to see if I could retrieve the password directly from there but it seems that password is encrypted. See below

3a0606b25e75eb6c1fed61886844832e

it would be easier if I knew how the password was encrypted so that I could just encrypt new password and add to SQL but when I looked at the code (in password changing PHP gile) there is something called salt_pass that encrypts the password of this website. See below code :

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$db = new database();
$option_uw = array(
    "table" => "users",
    "fields" => "password",
    "condition" => "id='{$_POST['id']}'"
);
$query_uw = $db->select($option_uw);
$rs_uw = $db->get($query_uw);
if ($rs_uw['password'] == trim(salt_pass($_POST['oldpassword']))) {
    $value_pw = array(
        "password" => trim(salt_pass($_POST['pass']))
    );
    $query_pw = $db->update("users", $value_pw, "id='{$_POST['id']}'");

    if ($query_pw == TRUE) {
        header("location:" . $baseUrl . "/back/user");
    }
}else{
    $_SESSION[_ss . 'msg_result'] = TRUE;
    header("location:" . $baseUrl . "/back/user/changepassword");
}
mysql_close();
}

Here is the salt_pass function

function salt_pass($pass) { 
     return md5("supapongherb.com" . $pass); 
}

Does anybody know how I can regenerate or encrypt the new password according to this code?

PS. the website is developed with MVC programming and I am really capable of it. Please let me know if you would like to see more file.

Thank you in advance!

Answer 1

Let's clear a few things up

but it seems that password is encrypted

First, your password is hashed , not encrypted. There is a difference . Namely that hashes are meant to be one-way. There's no way to look at a hash and just regenerate the password from that.

Second, they're using MD5. They're not actually salting anything, they're appending the same string to all passwords and THEN hashing it. MD5 is a terrible way to hash because it's stupid easy to break . This is the equivalent of securing your front door with a rubber band. It's not secure because you can make millions of guesses a minute . Yes it is that bad.

Third, with the function and the "salt" known, you can easy make a new password this way (via SQL because I'm not guessing what sort of screwy ORM they're using there)

UPDATE users
SET password = MD5(CONCAT('supapongherb.com', 'new_password_here'))
WHERE id = their_user_id_here

Fourth, switch to password_hash . Like now. Get rid of the rubber band and upgrade to a deadbolt, with rabid pitbulls behind it and a shotgun in your lap.