Dave wrote:
[snip]
The current members tables uses the default PASSWORD encryption built
into MySQL. Although my current MySQL version is 4.1.3, I believe this
is the same password encryption that was used in MySQL 3.2. The user
data was created in an earlier version of MySQL, and later the database
was upgraded. I seem to remember at the time of upgrading that some
setting was required in order for the passwords to continue to work. My
web hosting service was kind enough to handle this issue for me, but
unfortunately this means that I am not entirely clear on what kinds of
settings were required and if they impact the encryption method
currently employed on my web site.
It did change between MySQL 3.2 and 4.1. You need the old-passwords
configuration directive, it is in the MySQL manual at dev.mysql.com.
[snip]
The Questions:
Since the md5_encryption is handled in PHP, will I be able to create
an equivelant command in MySQL when copying the fields from one table to
another?
If so, what will be the command to extract the passwords from the
original table and encrypt them with the new method in the destination
table?
What I've done so far:
After a little web searching and independent thinking, I thought that
one approach might be to decrypt the password fields and store them as
plain text in the destination table, and then once all the user data is
in, run a PHP command to run through and encrypt all the password fields
with the new encryption. Is this the best approach?
You can't decrypt the password fields. That's the point of *one-way*
hashes of the type that PASSWORD() and MD5() use. You need to either get
all your users to reset their passwords, or continue to use the old
password hashing algorithm until they do.
--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/
If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
