Hello all,
This is my first post here.
After searching the web and nothing found, I decided to open a topic on this forum.
I want to code a little trick, as following:
- I want to store 50 random passwords in a database.
- I will create an index.php, where the users having ONE of the 50 passwords can connect -> index.php has only a text input and a submit button. if you input the correct password received from me, you have access to a form in order to place some some kind of sport bet.
- the challenge comes up when I thought that the password should be used only ONE time - I mean, after the user fills the form and submit, the data are stored in DB and the random password should be deleted, in order to deny other entries using that password.
So my question: - is there a way to delete the random password after the usage ? Or to be disabled in order to deny another entries using it.
Thanks in advance.
Delete password after first use
Moderator: General Moderators
Re: Delete password after first use
Create an extra field in your database table(preferably tinyInt), you can call is "used" or something similar. Let it default to 0.
Once a password is used you set the field to 1.
When you are checking for a password make sure you check for a row that has that field set to 0.
Once a password is used you set the field to 1.
When you are checking for a password make sure you check for a row that has that field set to 0.
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Delete password after first use
This could be a costly mistake; storing passwords in any form should be avoided; rather create a hash value and store that in the database. That way if your database is exposed an attacker won't have 50 passwords which can be used against your system.znupii wrote:I want to store 50 random passwords in a database.
If the passwords are once-off, a delete SQL query should solve the problem. You don't give any specifics about the database construction but it would be a good idea to make the 'password' column UNIQUE to prevent duplicate entries
Code: Select all
<?php
// after authentication remove the row containing the password.
$qry = "DELETE FROM `table` WHERE `password` = '" . $password . "' ";
?>“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering