When you select the password you have to select the HASH of it since that's how you stored it.
Like this: SELECT username,password FROM users WHERE username=<cfqueryparam value="#FORM.textUsername#" cfsqltype="cf_sql_clob" maxlength="50"> AND password=<cfqueryparam value="#hash(FORM.textPassword)#" cfsqltype="cf_sql_clob" maxlength="50"> Give that a go. Mike -----Original Message----- From: Mark Collins [mailto:[email protected]] Sent: Thursday, April 30, 2009 2:14 PM To: cf-newbie Subject: Re: Help with registration page For some reason I am unable to log on. Here's my code, any ideas? SELECT username,password FROM users WHERE username=<cfqueryparam value="#FORM.textUsername#" cfsqltype="cf_sql_clob" maxlength="50"> AND password=<cfqueryparam value="#FORM.textPassword#" cfsqltype="cf_sql_clob" maxlength="50"> INSERT INTO users (username, password, email, randomKey) VALUES (<cfif IsDefined("FORM.textName") AND #FORM.textName# NEQ ""> <cfqueryparam value="#FORM.textName#" cfsqltype="cf_sql_clob" maxlength="50"> <cfelse> '' </cfif> , <cfif IsDefined("FORM.textPassword") AND #FORM.textPassword# NEQ ""> <cfqueryparam value="#hash(FORM.textPassword)#" cfsqltype="cf_sql_clob" maxlength="50"> <cfelse> '' </cfif> , <cfif IsDefined("FORM.textEmail") AND #FORM.textEmail# NEQ ""> <cfqueryparam value="#FORM.textEmail#" cfsqltype="cf_sql_clob" maxlength="50"> <cfelse> '' </cfif> , <cfif IsDefined("FORM.rk") AND #FORM.rk# NEQ ""> <cfqueryparam value="#FORM.rk#" cfsqltype="cf_sql_clob" maxlength="50"> <cfelse> '' </cfif> ) ________________________________ From: Mike Chytracek <[email protected]> To: cf-newbie <[email protected]> Sent: Thursday, April 30, 2009 11:22:12 AM Subject: RE: Help with registration page You could do something like this (note I am using createUUID() to generate a primary Key. You can use whatever method you like): <cfquery ..> Insert into table (id, name, password) VALUES ('#createUUID()#', <cfqueryparam type="CF_SQL_VARCHAR" value="#form.name#">, <cfqueryparam type="CF_SQL_VARCHAR" value="#hash(form.password)#">) </cfquery> And then:. <cfquery ..> Select * from table Where name = <cfqueryparam type="CF_SQL_VARCHAR" value="#form.name#"> and password = <cfqueryparam type="CF_SQL_VARCHAR" value="#hash(form.password)#"> </cfquery> Use <cfqueryparam> whenever using user supplied info in db queries. Mike -----Original Message----- From: Mark Collins [mailto:[email protected]] Sent: Thursday, April 30, 2009 11:12 AM To: cf-newbie Subject: Re: Help with registration page Thanks. So my form.password variable is passed to hash() before I insert into the database. And I do the same when authenticating? ________________________________ From: Mike Chytracek <[email protected]> To: cf-newbie <[email protected]> Sent: Thursday, April 30, 2009 10:36:27 AM Subject: RE: Help with registration page If you want to secure the passwords in the database you can hash() them before putting them in and check the hash when authenticating. Mike -----Original Message----- From: Mark Johnson [mailto:[email protected]] Sent: Thursday, April 30, 2009 11:10 AM To: cf-newbie Subject: Help with registration page I'm creating a registration page. When the user registers I want them to be emailed an activation link that they need to click on in order to activate their account. How can I creat this random number(hash). HOw would I go about hashing newly created passwords for sign up forms? Thanks for any help. Mark . ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-newbie/message.cfm/messageid:4547 Subscription: http://www.houseoffusion.com/groups/cf-newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.15
