Re: [PHP] [Newbie] Password()

2003-03-31 Thread Chris Hayes

> In my code I am trying to send an email (containing a password) to a user 
> when he has forgotten his password.
>
> The problem is that security leads to needing to encrypt passwords in the 
> database. I'm using the password function within mysql. Is there any way of 
> reversing the password function() to get the original password to send out 
> to the user?
>
> Or are there any other suggestions in PHP to reverse encryption of 
> passwords. I do understand the principles of encryption and can see the 
> point of unreversible functions but I'm sure that not all applications 
> re-set passwords with random generated ones but do send out forgotten 
> passwords.


It's a bit tricky to make it really secure. If your site is vulnerable to 
serious cracker attacks, better find some in-depth articles.
What I've seen CMS systems do is take a password from a form and put it as 
MD5($password) in the database. MD5 is irreversible but when you let people 
log in you simply compare it like this:

$pwtestOK = FALSE;
// hash the submitted password and compare it with the stored hash;
// === avoids PHP's numeric juggling of hex strings such as "0e..."
if (md5($enteredpassword) === $password_in_database)
    $pwtestOK = TRUE;
if (!$pwtestOK) { echo 'wrong password'; exit; }

http://nl.php.net/manual/en/function.md5.php





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] [Newbie] Password()

2003-03-31 Thread Jon Haworth
Hi Bobby,

> In my code I am trying to send an email (containing a password)
> to a user when he has forgotten his password.
[...]
> The problem is that security leads to needing to encrypt
> passwords in the database. I'm using the password function
> within mysql. Is there any way of reversing the password
> function to get the original password to send out to the user?

I think it's a one-way hash, like MD5. You could set their password to
something else - a random 8-letter string, for example - and send them that
along with a note encouraging them to change it.

If you want two-way encryption, have a look at AES_ENCRYPT and AES_DECRYPT:
http://www.mysql.com/doc/en/Miscellaneous_functions.html (scroll down a bit)

Cheers
Jon
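
Added example, not code from either poster: a forgotten-password flow along the lines of the two replies above, in which the stored hash is never reversed and the user is e-mailed a single-use, expiring reset token instead of a password. It generalizes Jon's random-string suggestion and uses password_hash() rather than MD5 or MySQL's PASSWORD(); the `users` and `password_resets` tables, the function names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example: reset-token flow that never needs the original password.
// Table names, column names and function names are hypothetical.

function issue_reset_token(PDO $db, string $email, int $ttl = 3600): ?string
{
    $q = $db->prepare('SELECT id FROM users WHERE email = ?');
    $q->execute([$email]);
    $userId = $q->fetchColumn();
    if ($userId === false) {
        return null;                      // caller shows the same message either way
    }
    $token = bin2hex(random_bytes(32));   // this value goes into the e-mailed link
    $db->prepare('INSERT INTO password_resets (user_id, token_hash, expires) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), time() + $ttl]);  // only a hash is stored
    return $token;
}

function redeem_reset_token(PDO $db, string $token, string $newPassword): bool
{
    $q = $db->prepare('SELECT user_id, expires FROM password_resets WHERE token_hash = ?');
    $q->execute([hash('sha256', $token)]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int) $row['expires'] < time()) {
        return false;                     // unknown, already used, or expired
    }
    $db->prepare('UPDATE users SET pw_hash = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $row['user_id']]);
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')    // single use
       ->execute([$row['user_id']]);
    return true;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');
$db->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT, expires INTEGER)');
$db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)')
   ->execute(['bobby@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);

$token = issue_reset_token($db, 'bobby@example.test');
var_dump(redeem_reset_token($db, $token, 'new-secret'));  // first redemption
var_dump(redeem_reset_token($db, $token, 'again'));       // same token presented again
$hash = $db->query('SELECT pw_hash FROM users WHERE id = 1')->fetchColumn();
var_dump(password_verify('new-secret', $hash));           // login check against the new hash
```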





Re: [PHP] Newbie password-check program

2001-02-20 Thread Chris Lee

try this.

<?php

 // Note: $GLOBALS['username'] and $PHP_SELF rely on register_globals.
 class password
 {
  // returns 1 when the submitted credentials match, 0 otherwise
  function checkpwd()
  {
   $this->username = @$GLOBALS['username'];
   $this->passwd = @$GLOBALS['passwd'];

   $this->username = strtoupper($this->username);
   $this->passwd = strtoupper($this->passwd);

   if ($this->passwd == 'MYPASS' AND $this->username == 'RONALD')
    return 1;
   else
    return 0;
  }
 }

 echo "
 <html>
 <head>
 <title>Password Check</title>
 </head>

 <body>

 <form action='$PHP_SELF' method='post'>
 User name is:<input type='text' name='username'> <br>
 Give Password:<input type='password' name='passwd'> <br>
 <input type='submit'>
 </form>
 ";

 $exec_pwd = new password;

 if ($exec_pwd->checkpwd() )
  echo "GOOD PASS <br>\n";
 else
  echo "BAD PASS <br>\n";
?>

want to use http auth, it's another way of doing login/pass

<?php
 include_once('cookie.egn');
 include_once('database.egn');

 function bad_passwd()
 {
  echo "You have entered an invalid password.<br>\n";
  exit();
 }

 // look up the Basic-auth credentials; escape quotes before they are
 // interpolated into the WHERE clause
 if ( isset($PHP_AUTH_USER) AND isset($PHP_AUTH_PW) AND $peop_r =
      fetch_db_value('people_manager',
       "WHERE username = '" . addslashes($PHP_AUTH_USER) . "' AND
        password = '" . addslashes($PHP_AUTH_PW) . "' ") )
  $SessionID = $peop_r['peopleID'];
 else
 {
  // the realm is a quoted-string, so it needs double quotes
  Header("WWW-Authenticate: Basic realm=\"$SERVER_NAME\"");
  Header("HTTP/1.0 401 Unauthorized");
  bad_passwd();
 }
?>

where cookie.egn sets SessionID as a session var. and database.egn contains
mysql wrappers (fetch_db_value).


--


Chris Lee
Mediawaveonline.com

em. [EMAIL PROTECTED]

ph. 250.377.1095
ph. 250.376.2690
fx. 250.554.1120


"Ronald Hemmink" [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Hello there fellow programmer,

I just started learning PHP (I got version 4 installed with Apache on a
Win98 machine). At the moment I'm trying to write a little program that
verifies a user login.
I know the program is not professional but for me it will do. Only I got
stuck with the following problem. I have written a class (I'm not very
sure if this is the right way to do this) in which I specified a
function that does the password check.
Now I like the program to check the password and return me a true or a
false which I can read from somewhere else in my program.
I wrote it like this:

<html>
<head>
   <title>Password Check</title>

<?PHP class password
{
 function checkpwd()
 { ?>

 <FORM ACTION="<?php print("$PHP_SELF"); ?>" METHOD="POST">
 User name is:<BR>
 <INPUT TYPE="text" NAME="UserName"> <P>

 <?php echo "Give Password:<BR>" ?>

 <INPUT TYPE="PASSWORD" NAME="passwd">
 <INPUT TYPE="HIDDEN" NAME="GeefInfo" VALUE=1> <p>
 <INPUT TYPE="submit">

 <?PHP if (IsSet($this->GeefInfo) && IsSet($this->UserName))
   {
    $this->UserName=strtoupper($this->UserName);
    $this->passwd=strtoupper($this->passwd);

    if (IsSet($this->passwd))
    {
     if ($this->passwd=="MYPASS" && $this->UserName=="RONALD")
     {
      $this->testvar=1;
      exit(1);
     }
     else
     {
      $this->testvar=0;
      exit(0);
     }
    }
   }
  }
}?>

</head>
<body>

<?php $exec_pwd=new password;
$vexec_pwd->checkpwd();
print $exec_pwd; // Where is my output   ?
?>

</body>
</html>

If you can and like to help me I will be very pleased.
Thanks in advance !!!

Ronald
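
Added example, not code from the thread: the credential lookup from the HTTP auth snippet above, done with a bound parameter and a stored password hash instead of a WHERE clause built from the submitted values. The `people_manager`, `username` and `peopleID` names follow the post; the `pw_hash` column, the function names, the realm string and the in-memory SQLite database are assumptions.

```php
<?php
// Added example: parameterized lookup + password_verify() behind HTTP Basic.
// pw_hash column, function names and realm are hypothetical.

function find_people_id(PDO $db, ?string $user, ?string $pw): ?int
{
    if ($user === null || $pw === null) {
        return null;                       // no credentials sent yet
    }
    // The placeholder keeps the submitted value out of the SQL text.
    $q = $db->prepare('SELECT peopleID, pw_hash FROM people_manager WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash for unknown users so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($pw, $row ? $row['pw_hash'] : $dummy);
    return ($row && $ok) ? (int) $row['peopleID'] : null;
}

function require_basic_auth(PDO $db, array $server): int
{
    $id = find_people_id($db, $server['PHP_AUTH_USER'] ?? null, $server['PHP_AUTH_PW'] ?? null);
    if ($id === null) {
        header('HTTP/1.0 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="Members"');
        exit("You have entered an invalid password.\n");
    }
    return $id;                            // use as the session's people ID
}

// Constructed demo data and inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people_manager (peopleID INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$db->prepare('INSERT INTO people_manager (username, pw_hash) VALUES (?, ?)')
   ->execute(['ronald', password_hash('mypass', PASSWORD_DEFAULT)]);

var_dump(find_people_id($db, 'ronald', 'mypass'));   // matching credentials
var_dump(find_people_id($db, 'ronald', 'MYPASS'));   // passwords stay case-sensitive
var_dump(find_people_id($db, "o'neil", 'x'));        // a quote in the input is just data
```

In a web request, call `require_basic_auth($db, $_SERVER)` before producing any output.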

