password decyption...anyone?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

password decyption...anyone?

Post by pleigh »

hi there,

i was able to encrypt password through password() function...is there any function in PHP where you can decrypt password?

thanks

pleigh :lol:
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

What's the password() function?... I can't see it anywhere in the manual on php.net. Did you get a code snippet for this? If you post the function snippet then it's probably easy to decrypt ;-)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I believe pleigh is talking about the MySQL PASSWORD() function.. :: http://dev.mysql.com/doc/mysql/en/encry ... tions.html
Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your application.
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

got it from the book :lol:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

which book? post the code to the function. We're not here to guess at what you are talking about, please be specific.
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

thanks feyd. u have an idea of decrypting it?
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

here's the summary of my register page:

Code: Select all

if (empty($_POSTї'password1']))
	{
		$pw = FALSE;
		$message .= 'Enter your password!<br>';
	&#125;
	else
	&#123;
		if ($_POST&#1111;'password1'] == $_POST&#1111;'password2'])
		&#123;
			$pw = $_POST&#1111;'password1'];
		&#125;
		else
		&#123;
			echo 'Your password did not match the confirmed password!<br>';
		&#125;
	&#125;

if ($fn && $ln && $un && $pw && $e)
	&#123;
		$query = "INSERT INTO users(firstname, lastname, username, password, email)
		values('$fn','$ln','$un', '$pw', '$e')";
		$result = @mysql_query($query);
		
		if ($result)
		&#123;
			echo '<b>You have been registered</b><br>';
			exit();
		&#125;
		else
		&#123;
			$message = 'You could not be registered due to system error.<br>'.mysql_error();
		&#125;
and here's my login page:

Code: Select all

if (empty($_POST&#1111;'password'])) 
&#123;
$pw = FALSE;
$message .= 'Please enter your password!<br>';
&#125; 
else 
&#123;
$pw = stripslashes($_POST&#1111;'password']);
&#125;
						
//if username and password OK...
if ($un && $pw) 
&#123;
$query = "SELECT userID, firstname FROM users WHERE username='$un' AND password='$pw'";		
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM); 
if ($row) 
&#123; 										$_SESSION&#1111;'firstname'] = $row&#1111;1];
$_SESSION&#1111;'userID'] = $row&#1111;0];
header ("Location:  http://" . $_SERVER&#1111;'HTTP_HOST'] . dirname($_SERVER&#1111;'PHP_SELF']) . "/template.php");
exit();				
&#125; 
else 
&#123;
$message = 'The username and password entered do not match.<br>'; 
&#125;
the problem is, i can encrypt the password during registration using passwor(), but when i log in, i cannot access the next page for password mismatch...

thanks

pleigh
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

oopss!!!sori, i haven't used the password encryotion yet...but i used the password() like:

in login page:
їcode]
$query = "SELECT userID, firstname FROM users WHERE username='$un' AND password='$pw'";
ї/code]

and register page:
їcode]
$query = "INSERT INTO users(firstname, lastname, username, password, email)
values('$fn','$ln','$un', PASSWORD('$pw)', '$e')";
ї/code][/quote]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

did you read the note I quoted? at any rate, the selection should be done against the password like so:

Code: Select all

SELECT `userID`, `firstname` FROM `users` WHERE `username` = '$un' AND `password` = PASSWORD('$pw')
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

now i'm really confused...sori...
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you don't decrypt it, you test the already encrypted string, against the submitted password after passing it through the same encryption.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

btw, i really suggest you to read the MySQL manual.. Because it has some things to say about that PASSWORD function.. (As in that it's not a good idea to use it...)

http://dev.mysql.com/doc/mysql/en/encry ... tions.html
Post Reply