subject:"\[PHP\-DB\] Password decryption"

Re: [PHP-DB] Password decryption

2008-02-17 Thread Daniel Brown

On Feb 16, 2008 10:17 PM, Nasreen Laghari <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values 
> ('$username',Password('$pass'));";

It's a one-way encryption method, so you won't be able to see the
plain-text equivalent of the password again, but you can use this when
testing a login:

SELECT * FROM user WHERE userid='".$username."' AND
password=PASSWORD('".$pass."')";

Also, to correct your $query above, some things to note:
PASSWORD is a reserved word in MySQL, so you shouldn't name
any columns or databases as such.
You have a comma after `userid,password,` in your column bracket.
With PHP, you shouldn't end your MySQL query with a semicolon.
The code needs it to terminate the line, the query doesn't.

-- 

Daniel P. Brown
Senior Unix Geek

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Password decryption

2008-02-17 Thread Matteo Cisilino

Nasreen Laghari wrote:
> Hi,
>  
> I'm junior in PHP and stuck on Encryption. 
>  
> I have encrypted password using SQL :
>  
> $query = "insert into user (userid,password,) values 
> ('$username',Password('$pass'));";
>  
> Which is working perfect. Now I'm working on Login page where I have to 
> compare passwords.. As password in database is encrypted so I need to decrypt 
> it back for compression. I have tried the flowing but not working.
>  
>  if ($pwd != Password("$info['password']")) 
>   {
>echo("-");
>//header("Location: abuse.php");
>   }
>  
> and 
>  
>  if ($pwd != $info(Password("['password']")) 
>   {
>echo("-");
>//header("Location: abuse.php");
>   }
>  
> Could any one please help..
>
> Thank you
>
>
>   
> 
> Be a better friend, newshound, and 
> know-it-all with Yahoo! Mobile.  Try it now.  
> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 
>
>   
the password is encrypted one way ( usually md5() ) so you must compare
the encrypted hashes



-- 
Matteo Cisilino

Blog : http://matteo.cisilino.com


CONFIDENTIALITY NOTICE
This message and its attachments are addressed solely to the persons
above and may contain confidential information. If you have received
the message in error, be informed that any use of the content hereof
is prohibited. Please return it immediately to the sender and delete
the message. Should you have any questions, please contact us by
replying to [EMAIL PROTECTED]
  Thank you


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DB] Password decryption

2008-02-17 Thread Gary Wardell

Hi,

Note from the manual:

PASSWORD() encryption is one-way (not reversible).

Also note:

===
Note
The PASSWORD() function is used by the authentication system in 
MySQL Server; you should not use it in your own applications.
For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 
2 (Challenge-Response Authentication Mechanism
(CRAM)), for more information about handling passwords and authentication 
securely in your applications.
===

The way to do it is to encrypt the response password from the logon and compare 
the encrypted versions; rather than decrypting for
the compare.

Gary

> -Original Message-
> From: Nasreen Laghari [mailto:[EMAIL PROTECTED]
> Sent: Sat, February 16, 2008 10:18 PM
> To: php-db@lists.php.net
> Subject: [PHP-DB] Password decryption
>
>
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values
> ('$username',Password('$pass'));";
>
> Which is working perfect. Now I'm working on Login page where
> I have to compare passwords.. As password in database is
> encrypted so I need to decrypt it back for compression. I
> have tried the flowing but not working.
>
>  if ($pwd != Password("$info['password']"))
>   {
>echo("-");
>//header("Location: abuse.php");
>   }
>
> and
>
>  if ($pwd != $info(Password("['password']"))
>   {
>echo("-");
>//header("Location: abuse.php");
>   }
>
> Could any one please help..
>
> Thank you
>
>
>
> __
> __
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile.  Try it now.
> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] Password decryption

2008-02-16 Thread Nasreen Laghari

Hi,
 
I'm junior in PHP and stuck on Encryption. 
 
I have encrypted password using SQL :
 
$query = "insert into user (userid,password,) values 
('$username',Password('$pass'));";
 
Which is working perfect. Now I'm working on Login page where I have to compare 
passwords.. As password in database is encrypted so I need to decrypt it back 
for compression. I have tried the flowing but not working.
 
 if ($pwd != Password("$info['password']")) 
  {
   echo("-");
   //header("Location: abuse.php");
  }
 
and 
 
 if ($pwd != $info(Password("['password']")) 
  {
   echo("-");
   //header("Location: abuse.php");
  }
 
Could any one please help..

Thank you


  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

Re: [PHP-DB] Password decryption

Re: [PHP-DB] Password decryption

RE: [PHP-DB] Password decryption

[PHP-DB] Password decryption

4 matches

Site Navigation

Mail list logo

Footer information