  1. #1
    Join Date
    Jan 2005
    Posts
    362

    Unanswered: php encrypted password

    I have a user table and the password will be encrypted by sha1 hash.
    But I want to let users change their password.
    How can I fill the password field of the "edit user" since it is encrypted?

  2. #2
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Once it is encrypted, in theory you should never need to decrypt it.

    You can tell if an entered password is the same as the stored one, by encrypting it and comparing the two encrypted values.
    George

  3. #3
    Join Date
    Jan 2005
    Posts
    362
    Thank you.
    I will let users change passwords via "forgot password" function.

  4. #4
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    you should never store passwords in an unencrypted form, arguably you should never store any sensitive data in an unencrypted form....

    whatever encryption method you used should be used to convert the user's password entry to use as a match against the password.

    if you want to allow users to change a password you need to authenticate them first then allow them to change the password

    the problem with this area is the situation where a user loses/forgets the password.. how do you authenticate that the person claiming to have lost their password is actually the right person.

  5. #5
    Join Date
    Jan 2005
    Posts
    362
    I will ask for the email first, so as to find the username.
    Now I have a problem with the login; I do not know what is wrong.
    I have this code
    Code:
    // Returns the string "true" or "false" (not a boolean), so the caller must compare against "true".
    function count_login($liveshop, $user, $pass) {
        // Must be the same hash function that was used when the password was stored.
        $pass = md5($pass);
        $thisquery = "select count(*) from user where login=?
            and pass=? and usr_active='1' and usr_type<>'1';";
        $thisstmt = $liveshop->prepare($thisquery) or die("error");
        $thisstmt->bind_param("ss", $user, $pass);
        $thisstmt->execute();
        // Bind the result column once, after execute() and before fetch().
        $thisstmt->bind_result($thiscol1);
        $found = $thisstmt->fetch() && $thiscol1 > 0;
        $thisstmt->close();
        return $found ? "true" : "false";
    }
    But even if I type the good password I cannot log in!
    How can I compare the password that the user typed with the one from the db?
    Last edited by dimis2500; 03-26-08 at 10:12.

  6. #6
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    when the user created their password and you encrypted it, make sure you use the same function / process, and then do a comparison with the stored value

    if you are using MD5 fine

    what is happening in the class?
    that's the code you need to check.

  7. #7
    Join Date
    Jan 2005
    Posts
    362
    It seems that the md5($pass) of the new user form creates a different number from the login form!
    ----EDIT----
    Ok I solved that.
    Last edited by dimis2500; 03-26-08 at 11:15.
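
The checks described in the thread (hash the entry with the same process used at registration, compare it with the stored value, authenticate before allowing a change), as an added example that is not part of any post. It goes beyond the thread by using PHP's password_hash()/password_verify() in place of bare md5/sha1 and by upgrading legacy md5 rows at login; the in-memory $users array and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. $users stands in for the user
// table; store_password, login and change_password are hypothetical names.
$users = [];

// Registration and password change both store through this one function, so
// the stored value is always produced by the same process.
function store_password(array &$users, string $login, string $plain): void {
    // password_hash() generates the salt itself; store the whole string.
    $users[$login]['pass'] = password_hash($plain, PASSWORD_DEFAULT);
}

// Returns a real boolean. Accepts legacy unsalted md5 rows and upgrades them.
function login(array &$users, string $login, string $plain): bool {
    if (!isset($users[$login])) {
        return false;
    }
    $stored = $users[$login]['pass'];
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Legacy row: hash the entry the same way, compare in constant time.
        $ok = hash_equals($stored, md5($plain));
    } else {
        $ok = password_verify($plain, $stored);
    }
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        store_password($users, $login, $plain); // upgrade after a good login
    }
    return $ok;
}

// Changing a password requires the current one. Nothing is ever decrypted,
// so the password fields of an "edit user" form start out empty.
function change_password(array &$users, string $login, string $current, string $new): bool {
    if (!login($users, $login, $current)) {
        return false;
    }
    store_password($users, $login, $new);
    return true;
}

// Constructed sample data: one legacy md5 row and one new registration.
$users['olduser'] = ['pass' => md5('secret1')];
store_password($users, 'newuser', 'secret2');

var_dump(login($users, 'olduser', 'secret1'));       // legacy md5 row
var_dump($users['olduser']['pass'][0] === '$');      // row format after login
var_dump(login($users, 'newuser', 'wrong'));         // wrong password
var_dump(change_password($users, 'newuser', 'secret2', 'secret3'));
var_dump(login($users, 'newuser', 'secret3'));       // new password
```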
