Good day all,

Yesterday, Joshua Meekhof suggested using the hash() function to hash up
user passwords before inserting them into the database. Seems like this
would work. However, when I try it, it fails. Maybe I am doing something
wrong.

Here is the code:

Password: <input type="password" name="password">

This goes to action page:

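<!--- Hash the submitted password before storing it --->
<cfset hashedpword=hash(form.password)>

<!--- Bind values with cfqueryparam instead of interpolating form fields into the SQL
      (userID is assumed to be an integer column) --->
<cfquery name="update" datasource="#request.mainDSN#">
UPDATE users
SET password=<cfqueryparam value="#hashedpword#" cfsqltype="cf_sql_varchar">
WHERE userID=<cfqueryparam value="#form.userID#" cfsqltype="cf_sql_integer">
</cfquery>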

Finally, on the login page I pass the plain text password to the login
action page, which has this code:

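<!--- Hash the submitted password the same way as on the update page --->
<cfset hashedpword=hash(form.password)>
<!--- Bind both values with cfqueryparam instead of interpolating form fields into the SQL --->
<cfquery name="checkuser" datasource="#request.mainDSN#">
SELECT *
FROM users
WHERE userName=<cfqueryparam value="#form.userName#" cfsqltype="cf_sql_varchar">
AND password=<cfqueryparam value="#hashedpword#" cfsqltype="cf_sql_varchar">
</cfquery>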

This query returns no records. Does the hash() function return a random
value? If so, Joshua, how do you compare the user's login to what you have
in the DB? Any help in this regard would be appreciated. Thanks.

Marwan Saidi
Webmaster
CED - Concord IS
[EMAIL PROTECTED]
407.741.8645
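
An added example, not part of the original post: a login check that binds the user name with cfqueryparam, reads the stored digest back, and compares it in CFML, so that a difference in length or content between the stored value and the hash() output becomes visible. It assumes the users table, column names and request.mainDSN from the post; candidate, stored, loginOK and reason are illustrative names, and a truncated or padded stored value is only one possible cause, not something the post establishes.

```cfml
<!--- Added example: login check with diagnostics. Assumes the users table,
      the userName/password columns and request.mainDSN shown in the post. --->
<cfset candidate = hash(form.password)>

<!--- hash() is deterministic: the same input always yields the same digest. --->
<cfif compare(candidate, hash(form.password)) NEQ 0>
    <cfthrow message="hash() returned different digests for the same input">
</cfif>

<!--- Look the user up by name only; bind the value instead of interpolating it. --->
<cfquery name="checkuser" datasource="#request.mainDSN#">
SELECT userID, password
FROM users
WHERE userName = <cfqueryparam value="#form.userName#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfif checkuser.recordCount NEQ 1>
    <cfset loginOK = false>
    <cfset reason = "no single row for that userName">
<cfelse>
    <!--- trim() removes the padding a fixed-width CHAR column appends. --->
    <cfset stored = trim(checkuser.password)>
    <cfif len(stored) NEQ len(candidate)>
        <!--- A shorter stored value means the digest was cut off on insert. --->
        <cfset loginOK = false>
        <cfset reason = "stored value is #len(stored)# characters, digest is #len(candidate)#">
    <cfelseif compare(stored, candidate) EQ 0>
        <!--- compare() is a plain string comparison, unlike EQ. --->
        <cfset loginOK = true>
        <cfset reason = "digest matches">
    <cfelse>
        <cfset loginOK = false>
        <cfset reason = "digest differs">
    </cfif>
</cfif>

<!--- Diagnostic output for development only; do not show it to end users. --->
<cfoutput>loginOK=#loginOK# (#reason#)</cfoutput>
```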


Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/