If it's just for passwords, why not hash it...


i.e. on registration, insert into DB Hash(Trim(LCase(Form.Password)))
(LCase is used in this case so passwords aren't case-sensitive)


Then when the user tries to log in, check the hash of the form.password against
the hash in the DB.


One "feature" of this, though, is that "email me my password" won't work, as you
cannot decrypt the hash, so you would need to create a new password and email that.

HTH


Mikey

-----Original Message-----
From: Tim Laureska [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 16:19
To: CF-Talk
Subject: PW field decryption problem

Hello All...I had this working but now...

I encrypt a password that's inserted into an access database field upon
registration. The encryption processes fine... you can see it in the DB

However, when I go to log in using the plain text PW, I get failed login
... I guess it's got to be something in the decryption code or
application.cfm file, which is as follows

Anyone had problems/experience with this ... any help would be
appreciated... head hurts now

DECRYPTION CODE:
<cfset Encrypted = encrypt(password, Request.PasswordKey)>

<cfparam name="form.email" default="">
<cfparam name="form.password" default="">

<!--- QUERY THE DATABASE FOR MATCH --->

<cfquery name="getUser" datasource="#request.datasource#">
    SELECT  email, password
    FROM    table
    WHERE   email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Form.email#">
      AND   password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Encrypted#">
</cfquery>

application.cfm stuff:

<cfif not isdefined("Request.PasswordKey")>
    <cfparam name="Request.PasswordKey" default="5555hhhh777788885555hhhh77778888">
    <cfparam name="Request.datasource" default="databasename">
</cfif>

Tim Laureska
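
The hash-on-registration, compare-on-login, reset-instead-of-recover flow described in the reply above, as an added example that is not part of the original thread. It goes further than the one-line Hash() call by using a per-user salt and PBKDF2, and it omits LCase, so case matters. The function names, the salt/pwHash fields, the sample passwords and the iteration count are assumptions, and GeneratePBKDFKey needs ColdFusion 11 or later.

```cfml
<cfscript>
// Added example. makeRecord, verifyLogin, resetPassword and the salt/pwHash
// fields are hypothetical names; GeneratePBKDFKey needs ColdFusion 11 or later.
ITERATIONS = 100000; // assumed work factor, tune for your hardware
KEY_BITS   = 160;    // output size of HMAC-SHA1

// Registration: store a random salt plus a one-way derived value, never the
// password itself or anything that can be decrypted back to it.
function makeRecord(required string password) {
    var salt = GenerateSecretKey("AES"); // random Base64 string, unique per user
    return {
        salt   = salt,
        pwHash = GeneratePBKDFKey("PBKDF2WithHmacSHA1", Trim(arguments.password), salt, ITERATIONS, KEY_BITS)
    };
}

// Login: re-derive from the submitted password with the stored salt and compare.
function verifyLogin(required string password, required struct record) {
    var candidate = GeneratePBKDFKey("PBKDF2WithHmacSHA1", Trim(arguments.password), arguments.record.salt, ITERATIONS, KEY_BITS);
    // MessageDigest.isEqual compares the two byte arrays in constant time
    return CreateObject("java", "java.security.MessageDigest").isEqual(
        CharsetDecode(candidate, "utf-8"), CharsetDecode(arguments.record.pwHash, "utf-8"));
}

// "Email me my password" cannot work, so a reset issues a random replacement
// and stores only its record; the plain value exists just long enough to send.
function resetPassword() {
    var tempPassword = GenerateSecretKey("AES");
    return { tempPassword = tempPassword, record = makeRecord(tempPassword) };
}

// Constructed demo data standing in for one row of the users table
row = makeRecord("Example-Pass 42");
WriteOutput("correct password: " & verifyLogin("Example-Pass 42", row) & "<br>");
WriteOutput("different case: " & verifyLogin("example-pass 42", row) & "<br>");
reset = resetPassword();
WriteOutput("after reset, old password: " & verifyLogin("Example-Pass 42", reset.record) & "<br>");
WriteOutput("after reset, temp password: " & verifyLogin(reset.tempPassword, reset.record));
</cfscript>
```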
