Page 2 of 2

Posted: Fri Sep 30, 2005 8:29 am
by cnl83
Any ideas..to resolve this? I tried a couple of things, but weak...

Posted: Fri Sep 30, 2005 9:29 am
by shiznatix
it looks like that becuase its hashed with md5. you don't store a password in a database without hashing it. it goes like this

-user makes password, password is hashed, hash is stored in the database.
-user logs in, password entered is hashed, hashed password is checked against the hash already stored in the database, if its a match then they get logged in.

the reason you want to save the hash in the db is becuase if someone hacks your database and somehow is able to see the contents of it, you don't want them to have everyones password!

Posted: Fri Sep 30, 2005 10:17 am
by cnl83
I read up on it at php.net . Thanks for the info on that.

My password post with this.

<?php echo (isset($_POST['password'])) ? $_POST['password'] : $admin_update->old_user_password; ?>

If I could figure out how to post with md5, then that should work correct?

Posted: Fri Sep 30, 2005 11:04 am
by John Cartwright

Code: Select all

<?php echo (isset($_POST['password'])) ? md5($_POST['password']) : $admin_update->old_user_password; ?>

Posted: Fri Sep 30, 2005 11:14 am
by cnl83
Appreciate the coding...
That didnt work..same issue.

You cant unhash from what I read.

Posted: Fri Sep 30, 2005 11:37 am
by cnl83
Isnt this the code that check to see if its even set?

Code: Select all

if (isset($_POST['Submit'])) {
	if ($_POST['Submit'] == "Update") {
		$conf_str = (isset($_POST['send_confirmation'])) ? $_POST['send_confirmation'] : ""; // the checkbox value to send a confirmation mail 
		$admin_update->update_user_by_admin($_POST['level'], $_POST['user_id'], $_POST['password'], $_POST['email'], $_POST['activation'], $conf_str);
		$admin_update->get_userdata($_POST['login_name']); // this is needed to get the modified data after update
	} elseif ($_POST['Submit'] == "Search") {
		$admin_update->get_userdata($_POST['login_name']);
	}
} elseif (isset($_GET['login_id']) && intval($_GET['login_id']) > 0) {
		$admin_update->get_userdata($_GET['login_id'], "is_id");
} 
$error = $admin_update->the_msg; // error message

?>