Encoding

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

Encoding

Post by php_user13 »

This is my first entry. It took a while to find out how to post a query, so I apologise if I've used the wrong section. I'm fairly new to PHP, but not a total beginner.

I am using the standalone phpdev423 and trying to work with encrypted passwords.
I have constructed a form and can enter and store the password in a database, I can display the password thus stored. I can encrypt the password using the crypt() function. That was the easy part. What I can't do is compare a password login with the previously stored password. Anyone that knows the crypt function is aware the salt changes, as a result the encrypted password from a login does not match a previously encrypted password stored on the database. I don't know how to capture the salt and store that or how to define the salt to control the encryption.

Can someone explain in simple terms how I can get around this problem?
jraede
Forum Contributor
Posts: 254
Joined: Tue Feb 16, 2010 5:39 pm

Re: Encoding

Post by jraede »

Just use md5() instead of crypt(), it is irreversible and always encrypts strings the same way, so you can compare the md5() versions of the password and they would also be the same.
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

Re: Encoding

Post by php_user13 »

Thanks for that
I'd tried encode, crypt_blowfish and various other crypt_***, and mcrypt and most functions had come back as invalid. It looks like md5 will work. Didn't find that one in my searches. Much appreciated.
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

Re: Encoding

Post by php_user13 »

I thought the problem was solved and indeed I can now encode consistently using md5() thanks to some assistance. However, I cannot remember how to (if I knew) extract the password from the stored database to insert into the comparing (if) statement to compare the entered and stored (encrypted) values. I can display the value via The SELECT statement, but not act on it.
e.g. I'm trying to set up access to a webpage thus... if the stored value (e.g. 'psword') = entered value (e.g. $_POST["psword"]) then {allow entry to a webpage}.
Can anyone advise?
:roll:
jraede
Forum Contributor
Posts: 254
Joined: Tue Feb 16, 2010 5:39 pm

Re: Encoding

Post by jraede »

Code: Select all

<?php
$password = // md5 encoded password stored in the database
if(md5($_POST['password'])) == $password) {
 // passwords match, take them to their account page, or whatever you want to do
}
else {
   echo "Wrong password.";
   exit();
}
?>
Is this what you're looking for?
jraede
Forum Contributor
Posts: 254
Joined: Tue Feb 16, 2010 5:39 pm

Re: Encoding

Post by jraede »

Since you re-posted this question in another thread, I'm assuming this isn't working for you. What are you having trouble with exactly?
php_user13
Forum Newbie
Posts: 8
Joined: Sat Mar 06, 2010 9:01 pm

Re: Encoding

Post by php_user13 »

I tried referencing the stored data by it's name, but I couldn't access it

I stored the original values via a Registration form
$query = "INSERT INTO Members (usrname, psword, encode, .....)
VALUES ($_POST[usrname], $_POST[psword], '$encPass1', .....)";
where psword is the actual password and
$encPass1 = md5($_POST["psword"]); e.g. md5(secret) in this case
This worked

I then created a login form and entered the same values
usrname = fjohnson and psword = secret

when I try to assign the stored password to a value e.g.
$value = psword; // e.g. stored value on database
I get $value = psword;
rather than $value = secret;
i.e. I'm not accessing the stored value (e.g. secret) only repeating the string 'psword'
(e.g. the response above using the variable 'Password' did not work)

I want to allow access to a webpage when the login password matches the stored password
i.e. the equivalent of
If (entered password) == (stored password) then (go to webpage via provided link);

I can display the values e.g.
$value1 = $_POST["usrname"];
$value2b = md5($_POST["psword"]);
$query = "SELECT * FROM Members WHERE usrname='$value1' AND encode='$value2b'";

But I can't use the stored values in an comparison expression

Does that clarify the problem or further confuse?
Post Reply