bigd39
Posts: 16
|
Posted: 04/12/2004, 3:35 PM |
|
I have encrypt the password into the database an decrypt the password
using md5 an on the login page what code would work for this..
|
|
|
cableguy
|
Posted: 04/12/2004, 5:08 PM |
|
md5 is an asymmetric one way hash. Anything that you encrypt using it cannot be decrypted. So if you use md5, you have to encrypt any values before you compare them with the one that are already encrypted.
|
|
|
bigd39
Posts: 16
|
Posted: 04/12/2004, 5:35 PM |
|
I don't know what you are talking about i just did it with login an it worked. why have md5 if can't decrypt it.
|
|
|
bigd39
Posts: 16
|
Posted: 04/12/2004, 5:47 PM |
|
Sorry you can use md5 to do a checksum against the password that is stored in the database
|
|
|
peterr
Posts: 5971
|
Posted: 04/12/2004, 8:33 PM |
|
To authenticate users when they login, it may be easiest to modify the CCLoginUser function in Common.php
For example replace
$SQL = "SELECT user_id, security_level FROM users WHERE user_login=" . $db->ToSQL($login, ccsText) . " AND user_pass=" . $db->ToSQL($password, ccsText); with$SQL = "SELECT user_id, security_level FROM users WHERE user_login=" . $db->ToSQL($login, ccsText) . " AND user_pass=password(" . $db->ToSQL($password, ccsText).")";
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
peterr
Posts: 5971
|
Posted: 04/12/2004, 8:51 PM |
|
I haven't tried this, but I believe that there are several methods to allow users to register with with a password that you'd like to encrypt. One example would be use the record form with "Before Execute Insert" that modifies your SQL statement. You could probably search $FormName->ds->SQL and replace the "user_pass" with "password(user_pass)".
Take a look at these URLs to learn how to customize the SQL at runtime: http://docs.codecharge.com/studio/html/ProgrammingTechn.../ModifySQL.html http://docs.codecharge.com/studio/html/Components/RTProperties/PHP/SQL.html
And to let users change their password via the record form, you can use the "Custom Update" property with the SQL like:
UPDATE users SET user_pass=password('{new_password}') WHERE user_id = {UserID}
(you may need to define the 2 parameters "new_password" and "UserID" for the Custom Update below the SQL section)
These are just general guidelines. The exact implementation may require little debugging and adjusting the code to work with your field names.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|