Re: Password Encryption Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
By my oppinion the problem will be solved, if you don't use password() finction at all. Just have in your mind that it is a one-way hash and it can not decrypt passwords. Try to use encode() and decode() functions instead with a salt key by your choice.
Of course if you insist on using password() function you will have to make a script to reset the password and to send the new one to the user's email. Depends on you.

For example, suppose you have a form field $pwd in your insert or update pages. Then you need to insert it's value into a DB (here I presume MySQL). So you have the job done like this:

$select = "..MySQL specific words .... encode($pwd, '.g') ";
$query = .....
so on

where '.g' is the salt key and the password from 'test' will look like 'ddIIjdmnm9' in the DB.

Supose you have to take it back and return into human readable characters in order to give the User a chanse to change it. So you write the following:

$select  = "..MySQL specific words .... decode(pwd_field_Name, '.g') ";
$select .= "where User_ID = 'whatsoever'";
$query = .....
so on

where '.g' is the same salt key and 'pwd_field_Name' is that column that contains your encoded passwords.

That's it.
Hope this help.
pj

Erwin Kerk wrote:
Probably the password() function relies on some server-specific data....

Erwin Kerk
Web Developer

Lindsey Gregory wrote:

Hello all,

This is kinda hard to explain, but I am having a problem with pass
encryption/decryption stuff. I had a section of my website protected by a
cookie-based log in that authenticates from a database (mySQL) of user/pass
combinations... anyway, I am moving that website from one server to
another... The username and password are exactly the same in the new DB as
it was in the old one... and of course, I have them encrypted... but it
wont authenticate because the sql query is spitting out a different
encrypted pass from the login form so when I do the following query: SELECT
id FROM table WHERE ((username = '$username') AND (password =
PASSWORD('$password')) the encrypted password there is different than the
enctypted pass in the DB.
Any help with this would be appreciated! thanks!
-lindsey 


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]
  Powered by Linux