Re: [PHP-DB] Password decryption

2008-02-17 Thread Daniel Brown
On Feb 16, 2008 10:17 PM, Nasreen Laghari <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values 
> ('$username',Password('$pass'));";

It's a one-way encryption method, so you won't be able to see the
plain-text equivalent of the password again, but you can use this when
testing a login:

$query = "SELECT * FROM user WHERE userid='".$username."' AND
password=PASSWORD('".$pass."')";

Also, to correct your $query above, some things to note:

PASSWORD is a reserved word in MySQL, so you shouldn't name
any columns or databases as such.

You have a comma after `userid,password,` in your column bracket.

With PHP, you shouldn't end your MySQL query with a semicolon.
The code needs it to terminate the line, the query doesn't.

-- 


Daniel P. Brown
Senior Unix Geek


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] Password decryption

2008-02-17 Thread Matteo Cisilino
Nasreen Laghari wrote:
> Hi,
>  
> I'm junior in PHP and stuck on Encryption. 
>  
> I have encrypted password using SQL :
>  
> $query = "insert into user (userid,password,) values 
> ('$username',Password('$pass'));";
>  
> Which is working perfect. Now I'm working on Login page where I have to
> compare passwords.. As password in database is encrypted so I need to decrypt
> it back for comparison. I have tried the following but not working.
>
>  if ($pwd != Password("$info['password']"))
>   {
>     echo("-");
>     //header("Location: abuse.php");
>   }
>
> and
>
>  if ($pwd != $info(Password("['password']"))
>   {
>     echo("-");
>     //header("Location: abuse.php");
>   }
>  
> Could any one please help..
>
> Thank you
>
>
The password is encrypted one way (usually md5()), so you must compare
the encrypted hashes.



-- 
Matteo Cisilino

Blog : http://matteo.cisilino.com





RE: [PHP-DB] Password decryption

2008-02-17 Thread Gary Wardell
Hi,

Note from the manual:

PASSWORD() encryption is one-way (not reversible).

Also note:

===
Note
The PASSWORD() function is used by the authentication system in MySQL
Server; you should not use it in your own applications. For that
purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2
(Challenge-Response Authentication Mechanism (CRAM)), for more
information about handling passwords and authentication securely in
your applications.
===

The way to do it is to encrypt the response password from the logon and
compare the encrypted versions, rather than decrypting for the compare.

Gary

> -----Original Message-----
> From: Nasreen Laghari [mailto:[EMAIL PROTECTED]
> Sent: Sat, February 16, 2008 10:18 PM
> To: php-db@lists.php.net
> Subject: [PHP-DB] Password decryption
>
>
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values
> ('$username',Password('$pass'));";
>
> Which is working perfect. Now I'm working on Login page where
> I have to compare passwords.. As password in database is
> encrypted so I need to decrypt it back for comparison. I
> have tried the following but not working.
>
>  if ($pwd != Password("$info['password']"))
>   {
>     echo("-");
>     //header("Location: abuse.php");
>   }
>
> and
>
>  if ($pwd != $info(Password("['password']"))
>   {
>     echo("-");
>     //header("Location: abuse.php");
>   }
>
> Could any one please help..
>
> Thank you
>
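
The login check the replies describe (hash the submitted password and compare hashes, never decrypt), as an added example that is not code from any poster in this thread. It swaps in PHP's password_hash()/password_verify() and PDO placeholders in place of MySQL PASSWORD() and string-built queries; the users table, the pass_hash column, the sample account and the in-memory SQLite database are assumptions so that the script runs stand-alone.

```php
<?php
// Added example: hypothetical table and column names. In-memory SQLite
// stands in for the thread's MySQL database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Hash of a throwaway value, verified against when the user is unknown so
// that both login outcomes do a comparable amount of work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Registration: store only a salted one-way hash, never the plain text.
function register_user(PDO $db, string $userid, string $pass): void
{
    $stmt = $db->prepare('INSERT INTO users (userid, pass_hash) VALUES (?, ?)');
    $stmt->execute([$userid, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Login: nothing is decrypted. The stored hash is fetched for the user and
// password_verify() re-hashes the submitted password with the salt embedded
// in that hash, then compares the two in a timing-safe way.
function check_login(PDO $db, string $userid, string $pass): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE userid = ?');
    $stmt->execute([$userid]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    if ($hash === false) {
        password_verify($pass, DUMMY_HASH);
        return false;
    }
    return password_verify($pass, $hash);
}

// Constructed sample account and login attempts.
register_user($db, 'alice', 'correct horse');
var_dump(check_login($db, 'alice', 'correct horse'));   // right password
var_dump(check_login($db, 'alice', 'wrong guess'));     // wrong password
var_dump(check_login($db, "o'brien", 'anything'));      // quote in userid is plain data
```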