Displaying non hashed password from database

Question

<?php

if(isset($_GET['edit_user'])){
    $the_user_id = $_GET['edit_user'];


$query = "SELECT * FROM users WHERE user_id = $the_user_id ";
$select_user_by_id = mysqli_query($connection, $query);
test_query($select_user_by_id);


while($row = mysqli_fetch_assoc($select_user_by_id)){
    $user_id = $row['user_id'];
    $user_username = $row['user_username'];
    $user_firstname = $row['user_firstname'];
    $user_lastname = $row['user_lastname'];
    $user_image = $row['user_image'];
    $user_email = $row['user_email'];
    $user_password = $row['user_password'];
    $user_role = $row['user_role'];
    
}



if(isset($_POST['update_user'])){

    $user_username = $_POST['user_username'];
    $user_firstname = $_POST['user_firstname'];
    $user_lastname = $_POST['user_lastname'];
    $user_image = $_FILES['user_image']['name'];
    $user_image_temp = $_FILES['user_image']['tmp_name'];
    $user_email = $_POST['user_email'];
    $user_password = $_POST['user_password'];
    $user_role = $_POST['user_role'];

    move_uploaded_file($user_image_temp, "../images/$user_image");

    if(empty($user_image)){

        $query = "SELECT * FROM users WHERE user_id = $the_user_id ";
        $select_image = mysqli_query($connection, $query);
        
        while($row = mysqli_fetch_assoc($select_image)){
            $user_image = $row['user_image'];
        }

    }

    $query = "SELECT user_randomhash FROM users";
    $select_rand_query = mysqli_query($connection, $query);

    $row = mysqli_fetch_array($select_rand_query);
        $salt = $row['user_randomhash'];
        $hashed_password = crypt($user_password, $salt);

    $query = "UPDATE users SET ";
    $query .= "user_username = '{$user_username}', ";
    $query .= "user_firstname = '{$user_firstname}', ";
    $query .= "user_lastname = '{$user_lastname}', ";
    $query .= "user_image = '{$user_image}', ";
    $query .= "user_email = '{$user_email}', ";
    $query .= "user_password = '{$hashed_password}', ";
    $query .= "user_role = '{$user_role}' ";
    $query .= "WHERE user_id = {$the_user_id} ";

    $update_users = mysqli_query($connection, $query);

    test_query($update_users);
    header("Location: users.php?source=edit_user&edit_user=$user_id");
}

}

?>

Hello, if someone can help me there, goal for this code is to edit user, that's working fine everything, but, i want something else, i hashed my password or crypted my password whatever, to secure it , $hashed_password = crypt($user_password, $salt); with this!

So problem now is when i update whole User and go again to edit, i want to show me real password in that specific block of password, not hashed password from SQL or database! ill provide more info if needed!

Thanks anyway!

Answer 1

You can't recover the plain text of a hashed password in a reasonable amount of time, that's the whole point of hashing it. Read this for an explanation.