I would like to see an extension for DMX that will encrypt and un-encrypt passwords in md5 format. Are there any out there? I have searched and searched and cannot find one.
I think he means to hash the password using MD5 so that in the database it is not readable and then simply allow the User AUthentication behavior to read it. This is possible with the Insert Record and User Authentication behaviors, with a bit of hand coding (very little).
Example:
In your registration page (or wherever the user first chooses a password), look for s a line similar to this:
Next in your LOGIN page (where you used the User Authentication behavior) look for:
$FF_valPassword=$HTTP_POST_VARS['password'];
and replace with:
$FF_valPassword=md5($HTTP_POST_VARS['password']);
That's it. Making the two changes above will allow you to hash the password so it can't be read directly in the database, but will still allow it to be checked during login.
Just remember that with MD5 there is no way to ever recover the password if it is forgotten. It must be reset.
Comments
not so requre
First of all md5() can't un-encrypt.
and you can do this only some hand coding.
RE: not so requre
I think he means to hash the password using MD5 so that in the database it is not readable and then simply allow the User AUthentication behavior to read it. This is possible with the Insert Record and User Authentication behaviors, with a bit of hand coding (very little).
Example:
In your registration page (or wherever the user first chooses a password), look for s a line similar to this:
$insertSQL = sprintf("INSERT INTO registry (1name, 2name, street, city, state, zip, phone, email, username, password) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
Replace the corresponding %s (in this case the last one for password) with MD5(%s) so you now have:
$insertSQL = sprintf("INSERT INTO registry (1name, 2name, street, city, state, zip, phone, email, username, password) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, md5(%s))",
Next in your LOGIN page (where you used the User Authentication behavior) look for:
$FF_valPassword=$HTTP_POST_VARS['password'];
and replace with:
$FF_valPassword=md5($HTTP_POST_VARS['password']);
That's it. Making the two changes above will allow you to hash the password so it can't be read directly in the database, but will still allow it to be checked during login.Just remember that with MD5 there is no way to ever recover the password if it is forgotten. It must be reset.
I hope this helps someone else.
James
DMXzone premium article on this...
RE: RE: not so requre
You must me logged in to write a comment.