Steve

I encountered a similar problem... here is how I resolved it.

1) I defined the field in the db that holds the encrypted value as 
NVarChar(255).  This is a unicode field. The 255 length takes care of 
encrypted passwords being larger than the original.

2) I do *not* check the password in the SQL, rather in CF after it 
has been retrieved, e.g.:

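<cfquery NAME="Login" .....

   SELECT UserID, Password
   FROM   Customer
   <!--- Bind the form value as a parameter instead of splicing it into the SQL --->
   WHERE  UserID = <cfqueryparam value="#form.UserID#" cfsqltype="CF_SQL_VARCHAR">

</cfquery>

<cfif NOT Login.Recordcount eq 1>
   <cfset Error = "Invalid UserID and Password.">
<cfelse>
   <!--- Decrypt the value returned by the Login query and compare it in CF --->
   <cfif form.Login_Password NEQ Decrypt(Login.Password, key)>
     <cfset Error = "Invalid UserID and Password.">
   <cfelse>
     <!--- Login OK --->
     .
     .
     .
   </cfif>
</cfif>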

HTH

Dick
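
The two steps in the reply above (store the encrypted value in a column wide enough for it, then fetch by UserID and compare after decrypting) sketched in Python as an added example; it is not code from this thread. The XOR-plus-hex `encrypt`/`decrypt` pair and `KEY` are constructed stand-ins for ColdFusion's Encrypt/Decrypt and the reply's `key`, not ColdFusion's algorithm, and the in-memory SQLite table only mirrors the Customer table named in the reply.

```python
import hmac
import sqlite3
from itertools import cycle

KEY = "constructed-demo-key"  # constructed value standing in for the reply's `key`

def encrypt(plain: str, key: str) -> str:
    """Toy reversible cipher (XOR, hex-encoded). A stand-in for CF Encrypt()."""
    data = plain.encode("utf-8")
    return bytes(b ^ k for b, k in zip(data, cycle(key.encode()))).hex()

def decrypt(stored: str, key: str) -> str:
    """Inverse of encrypt(); raises ValueError if the stored text was altered."""
    data = bytes.fromhex(stored)
    return bytes(b ^ k for b, k in zip(data, cycle(key.encode()))).decode("utf-8")

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer (UserID TEXT PRIMARY KEY, Password NVARCHAR(255))")
    return db

def register(db: sqlite3.Connection, user_id: str, password: str) -> None:
    enc = encrypt(password, KEY)
    # Step 1: the encrypted form is longer than the original, so check it fits
    # the 255-character column instead of letting the database cut it short.
    if len(enc) > 255:
        raise ValueError("encrypted value does not fit the column")
    db.execute("INSERT INTO Customer (UserID, Password) VALUES (?, ?)", (user_id, enc))

def login(db: sqlite3.Connection, user_id: str, password: str) -> bool:
    # Step 2: select by UserID only (bound as a parameter), compare afterwards.
    rows = db.execute(
        "SELECT Password FROM Customer WHERE UserID = ?", (user_id,)
    ).fetchall()
    if len(rows) != 1:
        return False  # same outcome as a wrong password
    try:
        stored_plain = decrypt(rows[0][0], KEY)
    except ValueError:
        return False  # stored value came back altered (e.g. truncated)
    return hmac.compare_digest(stored_plain.encode(), password.encode())
```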

At 1:57 PM -0400 6/29/01, Steve Reich wrote:
>I am having a problem with the encrypt/decrypt functions. Here is my code:
>
>*** This creates the user when they register...
>
><cfset dbPassword="#Encrypt(password, application.seed)#">
>
><cfquery name="CreateUser" datasource="#application.dsn#"
>username="#application.dsn_username#" password="#application.dsn_password#">
>    INSERT INTO users
>    (fname,lname,email,username,password)
>    VALUES('#fname#','#lname#','#email#','#username#','#dbPassword#')
></cfquery>
>
>*** This validates a registered user....
>
><cfset dbPassword = "#Encrypt(password, application.seed)#">
>
><cfquery name="CheckUser" datasource="#application.dsn#"
>username="#application.dsn_username#" password="#application.dsn_password#">
>   SELECT userid
>   FROM users
>   WHERE username='#username#'
>   AND password='#dbPassword#'
></cfquery>
>
>The problem is that if I output the encrypted password on my page, I get...
>
>(6 W=SO*;E^JD
>
>The field in the DB says...
>
>(6 W=SO*;E^H
>
>Obviously, they don't match, so the user can't get in. I've tried using a
>variety of seed values, including various lengths. It seems that the last
>one or two chars always come out differently? My questions are, what is a
>good length for the seed value and should this be alphanumeric or will any
>ascii character work? Also, I'm not sure why I can encrypt the same value
>twice and not get the same value. I'm thinking my problem must be in the
>seed string length, but I'm not sure? Are there known issues with this? Why
>am I having this problem? Can someone shed some light?
>
>Thanks,
>Steve