not so requre

September 30, 2003 by Orhan Veli Firik

First of all, md5() can't un-encrypt.

And you can do this only with some hand coding.

RE: not so requre

January 2, 2004 by James Kruse

I think he means to hash the password using MD5 so that in the database it is not readable and then simply allow the User Authentication behavior to read it. This is possible with the Insert Record and User Authentication behaviors, with a bit of hand coding (very little).

Example:

In your registration page (or wherever the user first chooses a password), look for a line similar to this:

  $insertSQL = sprintf("INSERT INTO registry (1name, 2name, street, city, state, zip, phone, email, username, password) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",

Replace the corresponding %s (in this case the last one for password) with MD5(%s) so you now have:

  $insertSQL = sprintf("INSERT INTO registry (1name, 2name, street, city, state, zip, phone, email, username, password) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, md5(%s))",

Next in your LOGIN page (where you used the User Authentication behavior) look for:

  $FF_valPassword=$HTTP_POST_VARS['password'];

and replace with:

  $FF_valPassword=md5($HTTP_POST_VARS['password']);

That's it.  Making the two changes above will allow you to hash the password so it can't be read directly in the database, but will still allow it to be checked during login.

Just remember that with MD5 there is no way to ever recover the password if it is forgotten.  It must be reset.

I hope this helps someone else.

James

DMXzone premium article on this...

August 4, 2004 by Chris Charlton
Allen Kent wrote an article about different encryption methods; it was a good read! http://www.dmxzone.com/showDetail.asp?TypeId=28&NewsId=6559

RE: RE: not so requre

May 16, 2007 by Juhani Kujala
You also have to verify that the DB password field can hold an MD5 value. Check the database password column and adjust it to VARCHAR(32).
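
Added example, not part of any post in this thread: the register-and-login flow and the password column sizing discussed above, with PHP's password_hash() and password_verify() swapped in for md5(), and the unsalted MD5 digest printed beside it for comparison. The SQLite in-memory database, the two-column version of the registry table, and the function names register_user and check_login are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.5+ with pdo_sqlite;
// the in-memory two-column table stands in for the thread's `registry` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output is longer than an MD5 hex digest; the PHP manual suggests 255.
$db->exec('CREATE TABLE registry (username VARCHAR(64) PRIMARY KEY, password VARCHAR(255))');

function register_user(PDO $db, $username, $password) {
    // Salted, deliberately slow hash; salt and cost are stored inside the string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO registry (username, password) VALUES (?, ?)');
    $stmt->execute(array($username, $hash));
}

function check_login(PDO $db, $username, $password) {
    $stmt = $db->prepare('SELECT password FROM registry WHERE username = ?');
    $stmt->execute(array($username));
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // The random salt means the hash cannot be recomputed and matched in SQL;
    // password_verify() reads the salt from $stored and compares in constant time.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE registry SET password = ? WHERE username = ?');
        $upd->execute(array(password_hash($password, PASSWORD_DEFAULT), $username));
    }
    return true;
}

// Constructed sample data: two users who chose the same password.
register_user($db, 'alice', 'correct horse');
register_user($db, 'bob', 'correct horse');

var_dump(strlen(md5('correct horse')));                   // length of an MD5 hex digest
var_dump(md5('correct horse') === md5('correct horse'));  // unsalted: same password, same digest?
$rows = $db->query('SELECT password FROM registry')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows[0] === $rows[1]);                          // salted: same password, same stored value?
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
```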