
Thread: Hide/Dishide

  1. #1
    Regular Coder DELOCH's Avatar
    Join Date
    Apr 2006
    Location
    Canada
    Posts
    537
    Thanks
    4
    Thanked 2 Times in 2 Posts

    Hide/Dishide

    I would like to Encode Passwords but there is a problem, I dunno how to decode them:

    I know how to use Password
    but not how to decode password

    I don't know the encrypt and encode/decode functions

    please tell me how to use them if you can, thanks

  • #2
    raf
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You should not use the password() function
    --> this function is only intended to be used for hashing your MySQL accounts' passwords
    --> this function produces different digests in different MySQL versions, so if you do use it for your own data, you can not update your db-version
    --> password() is, just like sha1() and md5(), a hashing function, so it's one-way. You can not recover the original value from the function's digest...

    I also don't understand your intended use --> what's the point in encoding a password? You should store the encrypted value of the password (using sha1() to encrypt it) in your db, and when the user then wants to log in, you encrypt the password that he used in the login form with sha1() and compare it to the stored one. Like
    PHP Code:
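    // The username is concatenated into the SQL string unescaped; bind it as a parameter in real code.
    $sql = "SELECT COUNT(*) FROM yourtable WHERE yourusernamecolumn='" . $_POST['username'] . "' and yourencruptedpasswordcollumn='" . sha1($_POST['pwd']) . "'";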
    I don't think you really understand the use of password-hashing, so it might be a good idea to search this forum and the PHP forum for more info.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #3
    Regular Coder DELOCH's Avatar
    Join Date
    Apr 2006
    Location
    Canada
    Posts
    537
    Thanks
    4
    Thanked 2 Times in 2 Posts
    Yeah, but how do I encode the sha1 to uncode it?

    Also, how can I decode it while I write in the query?

  • #4
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    You need to read Raf's post again, because you missed the part about "You Can't Decode It."

    Nor do you want to be able to decode it; it's called one-way encryption and that's why it's so secure. To compare a password your user enters you simply encode the input and compare the two strings.

  • #5
    Senior Coder
    Join Date
    Sep 2005
    Posts
    1,791
    Thanks
    5
    Thanked 36 Times in 35 Posts
    a hash has 2 desirable properties:
    1. it is one-way. That means that given a value, you can hash it, but getting the original from the hash is very difficult (not impossible, but certainly not something you could do during the login process!)
    2. it is consistent. given a hash function f, f(a) will always produce the same result. Therefore, there are 'standard' hash functions that are used, md5 being one of them (sha1 another).
    md5('hello') will always produce 5d41402abc4b2a76b9719d911017c592

    So, when someone signs up, and decides they want their password to be 'hello', this gets hashed and stored in the database as the '5d41...' value above (truncated for readability...).

    When they come to login, they will type 'hello' in the password box. Your code will then hash the password (using the same function) and compare it to the value in the database. If they are the same, then the user entered the correct password. If they don't match, the password they entered wasn't 'hello'.

    The slight (ever so slight...) problem occurs when people forget their passwords, as there is no (practical) way of getting them back from the hash. The solution though, is simple: simply give them a new password, and send it to them. Send them an email with the new password, and hash it and store it in the database, and then they can login again, and (hopefully) change it to something they can remember.
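
The register, login and reset flow described in the posts above, as an added example that is not part of the original thread. It assumes a hypothetical `users(username, pw_hash)` table, uses an in-memory SQLite database through PDO so it runs offline, and swaps the thread's sha1()/md5() for PHP's salted `password_hash()`/`password_verify()`, binding the username as a query parameter instead of concatenating it.

```php
<?php
// Added example. Assumed schema: users(username, pw_hash); SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
// Hash checked for unknown usernames, so both failure paths do the same work.
define('DUMMY_HASH', password_hash('constructed-placeholder', PASSWORD_DEFAULT));

function register(PDO $db, string $user, string $password): void {
    // password_hash() picks a random salt and stores it, with the cost, inside the result.
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $user, string $password): bool {
    // Look the row up by username with a bound parameter; the comparison happens in PHP.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-hashes the input with the stored salt and compares in constant time.
    $ok = password_verify($password, $hash === false ? DUMMY_HASH : $hash);
    return $ok && $hash !== false;
}

function resetPassword(PDO $db, string $user): ?string {
    // The old password cannot be recovered from its hash, so issue a random
    // replacement, store only its hash, and hand the plaintext back for delivery.
    $new = bin2hex(random_bytes(8));
    $stmt = $db->prepare('UPDATE users SET pw_hash = ? WHERE username = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $user]);
    return $stmt->rowCount() === 1 ? $new : null;
}

// Constructed sample account and login attempts.
register($db, 'alice', 'hello');
var_dump(login($db, 'alice', 'hello'));         // the password chosen at sign-up
var_dump(login($db, 'alice', 'Hello'));         // a different password
var_dump(login($db, "alice' OR '1'='1", 'x'));  // quotes in the name are data, not SQL
$temp = resetPassword($db, 'alice');
var_dump(login($db, 'alice', 'hello'));         // the pre-reset password
var_dump(login($db, 'alice', $temp));           // the replacement password
```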

  • #6
    Super Moderator guelphdad's Avatar
    Join Date
    Mar 2006
    Location
    St. Catharines, Ontario Canada
    Posts
    2,634
    Thanks
    4
    Thanked 148 Times in 139 Posts
    Nice explanation GJay.

