Creating a password field in mysql
Moderator: General Moderators
Creating a password field in mysql
How do you create a password field in mysql that is encrypted like the one on the user table in the mysql database that controls access to the DBMS?
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
so is it safe to create a user table for my database and not encrypt the password field? It really doesn't matter because the information doesn't need to be secure, but I'm trying to figure out the best way to create this. If I did it that way would I do it like this.
Code: Select all
alter table users add OLD_PASSWORD(password) varchar(15);three options you have.
md5(), sha1(), or feyd's sha256 (search code snippets for that you must).
ex usage:
md5(), sha1(), or feyd's sha256 (search code snippets for that you must).
ex usage:
Code: Select all
$query = "insert into myTable (username,password) values ('burrito','".md5("taco")."')";- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Note that you could also use MySQL's MD5() function:
but that this is *not* the same as PHP's md5() function.
Mac
Code: Select all
$query = "insert into myTable (username,password) values ('burrito', md5('taco'))";Mac
You really should add salt to your encrypted password...
CREATE PASSWORD
VALIDATE PASSWORD:
Code: Select all
$username = 'hawleyjr';
$password = 'abc123';Code: Select all
define('HASH_LEN',20);
//CREATE SALT
$salt = substr(sha1(time()),HASH_LEN);
//create password
$password = $salt . sha1( $salt . $password);
//QUERY:
"INSERT INTO myTable set username = '$username',pass = '$password'"VALIDATE PASSWORD:
Code: Select all
//QUERY:
"SELECT pass FROM myTable where username = '$username'"
//FROM QUERY:
$passFromDB = 'ccb8e9d800e210ea45da40c25e653e9c4c08d504997bf3d05f14d0fddcbb';
//GET SALT
$salt = substr($passFromDB ,HASH_LEN);
//VALIDATE PASSWORD
if($salt . sha1( $salt . $password) == $passFromDB){
//VALID USERNAME/PASS
}else{
//INVALID USERNAME/PASS
}