RE: [PHP] [Newbie] Password()

2003-03-31 Thread Jon Haworth
Hi Bobby,

> In my code I am trying to send an email (containing a password)
> to a user when he has forgotten his password.
[...]
> The problem is that security leads to needing to encrypt
> passwords in the database. I'm using the password function
> within mysql. Is there any way of reversing the password
> function to get the original password to send out to the user?

I think it's a one-way hash, like MD5. You could set their password to
something else - a random 8-letter string, for example - and send them that
along with a note encouraging them to change it.

If you want two-way encryption, have a look at AES_ENCRYPT and AES_DECRYPT:
http://www.mysql.com/doc/en/Miscellaneous_functions.html (scroll down a bit)

Cheers
Jon


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] [Newbie] Password()

2003-03-31 Thread Chris Hayes

> In my code I am trying to send an email (containing a password) to a user
> when he has forgotten his password.
>
> The problem is that security leads to needing to encrypt passwords in the
> database. I'm using the password function within mysql. Is there any way of
> reversing the password function() to get the original password to send out
> to the user?
>
> Or are there any other suggestions in PHP to reverse encryption of
> passwords. I do understand the principles of encryption and can see the
> point of unreversible functions but I'm sure that not all applications
> re-set passwords with random generated ones but do send out forgotten
> passwords.


It's a bit tricky to make it really secure. If your site is vulnerable to
serious cracker attacks, better find some in-depth articles.
What I've seen CMS systems do is take a password from a form and put it as
MD5($password) in the database. MD5 is irreversible but when you let people
login you simply compare it like this:

$pwtestOK = FALSE;
// hash the submitted password and compare it with the stored MD5 value;
// === keeps two different hashes from comparing equal as numbers
if (md5($enteredpassword) === $password_in_database)
    $pwtestOK = TRUE;
if (!$pwtestOK) { echo 'wrong password'; exit; }

http://nl.php.net/manual/en/function.md5.php
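
Added example (not part of the original thread): the two suggestions above, resetting to a random temporary password instead of recovering the old one and comparing hashes at login, shown in PHP. It uses password_hash()/password_verify() (a salted, deliberately slow hash) in place of the MD5() call named in the thread; the users table, its columns, the function names and the sample account are assumptions, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not code from the thread. The users table, its columns and
// both function names are assumptions; the account below is constructed.

// Reset: replace the stored hash with that of a random 8-character password.
function issue_temporary_password(PDO $db, string $username): ?string
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $temp = '';
    for ($i = 0; $i < 8; $i++) {
        // random_int() draws from the operating system's CSPRNG
        $temp .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    // Only the hash is stored; the plaintext is returned once so it can be mailed.
    $stmt = $db->prepare(
        'UPDATE users SET pw_hash = ?, must_change = 1 WHERE username = ?');
    $stmt->execute([password_hash($temp, PASSWORD_DEFAULT), $username]);
    return $stmt->rowCount() === 1 ? $temp : null;
}

// Login: fetch the stored hash and let password_verify() do the comparison.
function check_login(PDO $db, string $username, string $entered): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($entered, $hash);
}

// Constructed sample data in an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT,
           must_change INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('original-secret', PASSWORD_DEFAULT)]);

$temp = issue_temporary_password($db, 'alice');   // would be e-mailed to the user
// Try the old password, the temporary one, and a reset for an unknown user
var_dump(check_login($db, 'alice', 'original-secret'));
var_dump(check_login($db, 'alice', $temp));
var_dump(issue_temporary_password($db, 'nobody'));
```

The must_change column lets the application force a new password at the next login, which matches the advice to ask the user to change the temporary one.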







[PHP] [Newbie] Password()

2003-03-31 Thread Bobby Rahman


Hi,

In my code I am trying to send an email (containing a password) to a user
when he has forgotten his password.

The problem is that security leads to needing to encrypt passwords in the
database. I'm using the password function within mysql. Is there any way of
reversing the password function() to get the original password to send out
to the user?

Or are there any other suggestions in PHP to reverse encryption of
passwords. I do understand the principles of encryption and can see the
point of unreversible functions but I'm sure that not all applications re-set
passwords with random generated ones but do send out forgotten passwords.

Cheers

B







Re: [PHP] Newbie password-check program

2001-02-20 Thread Chris Lee

try this.

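<?php
 class password
 {
  // returns 1 when the submitted name and password match, 0 otherwise
  function checkpwd()
  {
   // read the submitted form fields from the global scope
   $this->username = @$GLOBALS['username'];
   $this->passwd = @$GLOBALS['passwd'];

   // upper-case both values so the comparison ignores case
   $this->username = strtoupper($this->username);
   $this->passwd = strtoupper($this->passwd);

   if ($this->passwd == 'MYPASS' AND $this->username == 'RONALD')
    return 1;
   else
    return 0;
  }
 }

 echo "
 Password Check

 User name is:
 Give Password:
 ";

 $exec_pwd = new password;

 // the caller reads the result from the method's return value
 if ($exec_pwd->checkpwd() )
  echo "GOOD PASS \n";
 else
  echo "BAD PASS \n";
?>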

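want to use http auth, it's another way of doing login/pass

<?php
 // called when the credentials are missing or wrong
 function bad_passwd()
 {
  echo "\n";
  exit();
 }

 // escape quotes in the client-supplied values before they are placed
 // in the WHERE clause
 $auth_user = isset($PHP_AUTH_USER) ? addslashes($PHP_AUTH_USER) : '';
 $auth_pw = isset($PHP_AUTH_PW) ? addslashes($PHP_AUTH_PW) : '';

 if ( isset($PHP_AUTH_USER) AND isset($PHP_AUTH_PW) AND $peop_r =
 fetch_db_value('people_manager', "WHERE username = '$auth_user' AND
 password = '$auth_pw' ") )
  $SessionID = $peop_r['peopleID'];
 else
 {
  // ask the browser for credentials; the realm value is a quoted string
  Header("WWW-Authenticate: Basic realm=\"$SERVER_NAME\"");
  Header("HTTP/1.0 401 Unauthorized");
  bad_passwd();
 }
?>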

where cookie.egn sets SessionID as a session var. and database.egn contains
mysql wrappers (fetch_db_value).


--


Chris Lee
Mediawaveonline.com

em. [EMAIL PROTECTED]

ph. 250.377.1095
ph. 250.376.2690
fx. 250.554.1120






[PHP] Newbie password-check program

2001-02-20 Thread Ronald Hemmink

Hello there fellow programmer,

I just started learning PHP (I got version 4 installed with Apache on a
Win98 machine). At the moment I'm trying to write a little program that
verifies a user login.
I know the program is not professional but for me it will do. Only I got
stuck with the following problem. I have written a class (I'm not very
sure if this is the right way to do this) in which I specified a
function that does the password check. 
Now I like the program to check the password and return me a true or a
false which I can read from somewhere else in my program.
I wrote it like this:



   Password Check



 " METHOD="POST">
 User name is:
  

 " ?>

 
  
 

<?php
 class password
 {
  function checkpwd()
  {
   if (IsSet($this->GeefInfo)&&IsSet($this->UserName))
   {
    $this->UserName=strtoupper($this->UserName);
    $this->passwd=strtoupper($this->passwd);

    if (IsSet($this->passwd))
    {
     if ($this->passwd=="MYPASS" && $this->UserName=="RONALD")
     {
      $this->testvar=1;
      exit(1);
     }
     else
     {
      $this->testvar=0;
      exit(0);
     }
    }
   }
  }
 }
?>

<?php
 $exec_pwd = new password;
 $exec_pwd->checkpwd();
 print $exec_pwd; // Where is my output   ?
?>




If you can and like to help me I will be very pleased.
Thanks in advance !!!

Ronald


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]