Page 1 of 1
Password Field
Posted: Sat Jul 04, 2009 11:19 am
by aditi_19
Hi,
I am creating a login page in php where the password field is stored in Mysql database in hash format. When i am trying to compare that the username and password entered, matches or not, then I am unable to retieve the original password characters.
Originally, I have used this query to enter a new username and password into the database:
INSERT into tbluserentry (username,password) values ('Admin',password('project'));
So, the password field is stored as desired !
But how should i retrieve the original password characters when i want to check whether the username and password entered in the login page are same or not?
Please help !
Aditi
Re: Password Field
Posted: Sat Jul 04, 2009 11:36 am
by jayshields
You don't retrieve the original characters. You hash the user input and compare it against the existing hashed password. If it matches, it's the same.
Re: Password Field
Posted: Sat Jul 04, 2009 11:47 am
by aditi_19
Thanks !
How to i hash a password submitted in the login form to check it with the hashed password stored in the database?
Is there any function in php which is to be used?
Re: Password Field
Posted: Sat Jul 04, 2009 11:53 am
by Jammerious
sha1($var)
Re: Password Field
Posted: Sat Jul 04, 2009 11:59 am
by aditi_19
I am trying to use the same function, but the hash value returned by this function and the hash value stored in the database are not the same for a same password !
What could be the problem?
Re: Password Field
Posted: Sat Jul 04, 2009 12:08 pm
by aditi_19
I got the solution to my problem. Thanks for the help !
I have one more question. My php form always displays some dummy password in the password field whenever the form loads !
This is my html code !
<input type="password" name="Pass" id="Password" tabindex="2" autocomplete="off"/>
I have used autocomplete feature also but it doesnot work fine. What should be done so that the password field is always blank when the form loads?
Thanks,
Aditi
Re: Password Field
Posted: Sat Jul 04, 2009 2:33 pm
by jayshields
Just use
Code: Select all
<input type="password" value="" />
Re: Password Field
Posted: Sat Jul 04, 2009 3:10 pm
by aditi_19
I tried doing this, but it did not work. I think there is some problem every time the form loads.
Is there any other way?
Re: Password Field
Posted: Sat Jul 04, 2009 3:42 pm
by jayshields
It's probably browser-based then, ie. the browser is autocompleting the form for you. Try setting the name/id of your form field to something else and see if it still has a value.
Re: Password Field
Posted: Sat Jul 04, 2009 4:14 pm
by aditi_19
The problem still persists. I will try to run the code on other machine and see if the problem is still there !
Thanks,
Aditi