subject:"\[PHP\] Re\: encrypting passwords, how to decrypt\?"

[PHP] Re: encrypting passwords, how to decrypt?

2002-01-17 Thread Philip Hallstrom


If you are going to us encrypted passwords, then it goes something more
like this:

- user fills out form picking a login and a password.
- php encrypts the password using say md5 and puts the encrypted form into
  the database.
- user tries to login typing in their login and password.
- php encrypts their password using md5 and then looks to see if there are
  any rows in the database with that login and *encryped* password.  if so
  then it logs them in.

hope that helps!

-philip

On Thu, 17 Jan 2002, Hawk wrote:

> Ok, even if I don't need encryption I thought I might go ahead and try to
> learn it, and as I said in the previous post I managed to get it working
> everywhere but on the login script
> first I have a form that sends username and password to login.php, in that
> file I have something like this
>
>  $the host user pswd and db vars
> mysql_connect($host, $user, $pswd);
> mysql_select_db($db);
> $query = "SELECT * FROM users WHERE username='$username' and
> password='$password'";
> $result = mysql_query($query);
> $num = mysql_num_rows($result);
> if ( $num != NULL ) {
>  session_start();
>  session_register(admin_allow);
>  $admin_allow = "mytopsecretpassword";
>  header("location: admin/index.php");
> }
> else { header("location: admin.php"); }
> ?>
>
> I know it looks messy, and I removed some stuff to make it smaller to post,
> but when I use non encrypted passwords this works fine, my problem is that I
> don't know how to to do read a encrypted password in the $query, or if I
> need to do it in some other way(been trying a few different this far)
>
> I tried with
> $query = "SELECT * FROM users WHERE username='$username' and
> password=password('$password')";
> but that made $num = 0, and the login fail
> I'm getting really tired (from sleeping to little..) and that might have
> reduced my thinking even more than usual, but what am I doing wrong ? :P
>
> Hawk
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Re: encrypting passwords, how to decrypt?

2002-01-24 Thread Chris Seymour


[EMAIL PROTECTED] (Hawk) wrote in
<[EMAIL PROTECTED]>: 

Hi Hawk,
Here is a snippet of what I use:

if (isset( $txtUsername )) {
   $sql = "Select a.* from admins a where ";
   $sql .= "adm_name = '$txtUsername' ";
   $sql .= "and adm_pwd = PASSWORD('$txtPassword')";

   $resultID = mysql_query( $sql ) or die("Error in Query: $query " .
mysql_error()); $row = mysql_fetch_assoc( $resultID );
   $num = mysql_num_rows( $resultID );
 
   if ( $num != 0 ) {
   $auth = true;
 session_start();
   session_register("Admin_ID");
   session_register("Admin_Name");
   session_register("is_auth");
 
   $Admin_ID = $row["AdminID"];
 $Admin_Name = $row["adm_name"];
 $is_auth = $auth;
   }
 mysql_free_result($resultID);
}

  if ( ! $auth ) {
   error_reporting($err_lvl);
 $is_auth = $auth;
   header("Location:logon.php");
   exit;
} else {
header("Location:adminindex.php");
exit;
}
?>

Hope this helps.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Re: encrypting passwords, how to decrypt?

[PHP] Re: encrypting passwords, how to decrypt?

2 matches

Site Navigation

Mail list logo

Footer information