Page 1 of 1

Password Field

Posted: Sat Jul 04, 2009 11:19 am
by aditi_19
Hi,

I am creating a login page in php where the password field is stored in Mysql database in hash format. When i am trying to compare that the username and password entered, matches or not, then I am unable to retieve the original password characters.

Originally, I have used this query to enter a new username and password into the database:

INSERT into tbluserentry (username,password) values ('Admin',password('project'));

So, the password field is stored as desired !

But how should i retrieve the original password characters when i want to check whether the username and password entered in the login page are same or not?

Please help !
Aditi

Re: Password Field

Posted: Sat Jul 04, 2009 11:36 am
by jayshields
You don't retrieve the original characters. You hash the user input and compare it against the existing hashed password. If it matches, it's the same.

Re: Password Field

Posted: Sat Jul 04, 2009 11:47 am
by aditi_19
Thanks !

How to i hash a password submitted in the login form to check it with the hashed password stored in the database?
Is there any function in php which is to be used?

Re: Password Field

Posted: Sat Jul 04, 2009 11:53 am
by Jammerious
sha1($var)

Re: Password Field

Posted: Sat Jul 04, 2009 11:59 am
by aditi_19
I am trying to use the same function, but the hash value returned by this function and the hash value stored in the database are not the same for a same password !

What could be the problem?

Re: Password Field

Posted: Sat Jul 04, 2009 12:08 pm
by aditi_19
I got the solution to my problem. Thanks for the help !

I have one more question. My php form always displays some dummy password in the password field whenever the form loads !

This is my html code !

<input type="password" name="Pass" id="Password" tabindex="2" autocomplete="off"/>

I have used autocomplete feature also but it doesnot work fine. What should be done so that the password field is always blank when the form loads?

Thanks,

Aditi

Re: Password Field

Posted: Sat Jul 04, 2009 2:33 pm
by jayshields
Just use

Code: Select all

<input type="password" value="" />

Re: Password Field

Posted: Sat Jul 04, 2009 3:10 pm
by aditi_19
I tried doing this, but it did not work. I think there is some problem every time the form loads.

Is there any other way?

Re: Password Field

Posted: Sat Jul 04, 2009 3:42 pm
by jayshields
It's probably browser-based then, ie. the browser is autocompleting the form for you. Try setting the name/id of your form field to something else and see if it still has a value.

Re: Password Field

Posted: Sat Jul 04, 2009 4:14 pm
by aditi_19
The problem still persists. I will try to run the code on other machine and see if the problem is still there !

Thanks,

Aditi