Password decryption

--0-266560016-1203218266=:96145
Content-Type: text/plain; charset=us-ascii

Hi,

I'm junior in PHP and stuck on Encryption.

I have encrypted password using SQL :

$query = "insert into user (userid,password,) values ('$username',Password('$pass'));";

Which is working perfect. Now I'm working on Login page where I have to compare passwords.. As password in database is encrypted so I need to decrypt it back for compression. I have tried the flowing but not working.

if ($pwd != Password("$info['password']"))
{
echo("-----------------");
//header("Location: abuse.php");
}

and

if ($pwd != $info(Password("['password']"))
{
echo("-----------------");
//header("Location: abuse.php");
}

Could any one please help..

Thank you


____________________________________________________________ ________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

--0-266560016-1203218266=:96145--

RE: Password decryption

Hi,

Note from the manual:

PASSWORD() encryption is one-way (not reversible).

Also note:

===============================
Note
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications.
For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism
(CRAM)), for more information about handling passwords and authentication securely in your applications.
===============================

The way to do it is to encrypt the response password from the logon and compare the encrypted versions; rather than decrypting for
the compare.

Gary

> -----Original Message-----
> From: Nasreen Laghari [mailto:nasreen_laghari@yahoo.com]
> Sent: Sat, February 16, 2008 10:18 PM
> To: php-db@lists.php.net
> Subject: [PHP-DB] Password decryption
>
>
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values
> ('$username',Password('$pass'));";
>
> Which is working perfect. Now I'm working on Login page where
> I have to compare passwords.. As password in database is
> encrypted so I need to decrypt it back for compression. I
> have tried the flowing but not working.
>
> if ($pwd != Password("$info['password']"))
> {
> echo("-----------------");
> //header("Location: abuse.php");
> }
>
> and
>
> if ($pwd != $info(Password("['password']"))
> {
> echo("-----------------");
> //header("Location: abuse.php");
> }
>
> Could any one please help..
>
> Thank you
>
>
>
> ____________________________________________________________ __
> ______________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now.
> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Password decryption

Nasreen Laghari wrote:
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values ('$username',Password('$pass'));";
>
> Which is working perfect. Now I'm working on Login page where I have to compare passwords.. As password in database is encrypted so I need to decrypt it back for compression. I have tried the flowing but not working.
>
> if ($pwd != Password("$info['password']"))
> {
> echo("-----------------");
> //header("Location: abuse.php");
> }
>
> and
>
> if ($pwd != $info(Password("['password']"))
> {
> echo("-----------------");
> //header("Location: abuse.php");
> }
>
> Could any one please help..
>
> Thank you
>
>
> ____________________________________________________________ ________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
>
the password is encrypted one way ( usually md5() ) so you must compare
the encrypted hashes



--
Matteo Cisilino

Blog : http://matteo.cisilino.com

------------------------------------------------------------ --------
CONFIDENTIALITY NOTICE
This message and its attachments are addressed solely to the persons
above and may contain confidential information. If you have received
the message in error, be informed that any use of the content hereof
is prohibited. Please return it immediately to the sender and delete
the message. Should you have any questions, please contact us by
replying to matteo@cisilino.com
Thank you
------------------------------------------------------------ --------

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Password decryption

On Feb 16, 2008 10:17 PM, Nasreen Laghari wrote:
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values ('$username',Password('$pass'));";

It's a one-way encryption method, so you won't be able to see the
plain-text equivalent of the password again, but you can use this when
testing a login:

SELECT * FROM user WHERE userid='".$username."' AND
password=PASSWORD('".$pass."')";

Also, to correct your $query above, some things to note:
PASSWORD is a reserved word in MySQL, so you shouldn't name
any columns or databases as such.
You have a comma after `userid,password,` in your column bracket.
With PHP, you shouldn't end your MySQL query with a semicolon.
The code needs it to terminate the line, the query doesn't.

--


Daniel P. Brown
Senior Unix Geek


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php