Code Newbie
News     Forums     Search     Members     Sign Up    

My Code Newbie
Username

Password

Articles/Snippets
ASP Classic
ASP.NET
C
C#
C++
HTML / CSS
Java
Javascript
Linux / BSD
Perl
PHP
Python
Ruby
SQL
VB 6
VB.NET

C.N. Friends
  Planet Rome

Link to Us!
Code Newbie
  Code Newbie
    forums
Old 11-26-2003, 12:29 PM   #1 (permalink)
trevor
Code Monkey
 
Join Date: Jan 2003
Location: Canada
Posts: 91
trevor is on a distinguished road
php crypt
i was wondering if someone could clarify the logic behind php crpyt();
i have it so when users register and enter a password it crypts it

PHP Code:
$cryptpass=$crypt($password); 
but for the login script....do i have to decrypt the password to authenticate it or hos does that work?
thanks,
Trevor
trevor is offline   Reply With Quote
Old 11-26-2003, 01:21 PM   #2 (permalink)
sde
Moderator
 
sde's Avatar
 
Join Date: May 2002
Location: us.ca
Posts: 4,503
sde is on a distinguished road
i usually use md5() for encrypting. and the logic will work for crypt as well.

your not going to decrypt at all, but rather encrypt the password they enter, and compare it to the encrypted password stored in the database.

when you use md5() , it produces a 32 character string, and that is the string you would store in the database.
PHP Code:
<?
// lets say you had a form that passed username and password
$encrypted_password md5($_POST['password']);

$result=mysql_query("select * from users 
             where username='" $_POST['username'] . "' 
               and password='" $encrypted_password "'");

// if any rows were found then it was successful
?>
__________________
Mike
sde is offline   Reply With Quote
Old 12-01-2003, 06:43 PM   #3 (permalink)
idx
Senior Grasshopper
 
idx's Avatar
 
Join Date: Jun 2003
Location: FL
Posts: 317
idx is on a distinguished road
To add a bit to sde's response, if you still want to use crypt(), then you must make sure you use the salt when you verify their login (see Example 1 http://www.php.net/crypt ). With md5 you don't have to think about this fact since the md5 hash will be the same everytime.

Also, when creating the crypt'ed version of the user's password, you really should be aware of what your server's capabilities are. eg: The default is standard DES (2chr salt), although for my FreeBSD box, PHP will produce a md5 signature with a 12chr salt. (not exactly the same md5 that sde is talking about)

More or less when using crypt, you should provide your own salt to ensure your password formats stay the same. It would suck to move your site to another server and have inconsistent password formats.

-r

(As a side note, I use md5 in projects where I don't have a specific reason to use crypt(). )
idx is offline   Reply With Quote
Old 12-01-2003, 07:04 PM   #4 (permalink)
sde
Moderator
 
sde's Avatar
 
Join Date: May 2002
Location: us.ca
Posts: 4,503
sde is on a distinguished road
thanks for explaining a little more about crypt idx!

i like md5, .. i develop c#/asp.net apps too, and can get the same hash from php or c#. with c# it's a lot more code though.
__________________
Mike
sde is offline   Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP Comes of Age sde Code Newbie News 0 04-14-2004 11:41 AM
new to php jhoop2002 PHP 12 08-06-2003 02:45 PM
I need to learn PHP Nitro PHP 9 06-28-2003 11:24 AM
Php Vs. Asp sde PHP 6 06-06-2003 06:02 PM
PHP Command-Line Arguments? Antagony PHP 3 05-02-2003 12:26 PM


All times are GMT -8. The time now is 06:25 AM.

Contact Us - CodeNewbie.com - Archive - Top

Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.0.0 RC8





Copyright © 2000-2008, Milano Interactive
Web Hosting provided by Portal 360 Web Hosting