Jump to content


Photo

Password input help


  • Please log in to reply
12 replies to this topic

#1 Drezard

Drezard
  • Members
  • PipPipPip
  • Advanced Member
  • 244 posts

Posted 10 September 2006 - 08:25 AM

Hello, with password input fields on any big website (such as hotmail.com, yahoo.com, this site) when u input your password it automatically changes it to ******. What is the code for this?

- Cheers, Daniel

#2 Demonic

Demonic
  • Members
  • PipPipPip
  • Advanced Member
  • 562 posts

Posted 10 September 2006 - 08:27 AM

its just the input type

<input type='password'>

just for security issues i think

#3 hostfreak

hostfreak
  • Members
  • PipPipPip
  • Advanced Member
  • 581 posts

Posted 10 September 2006 - 08:35 AM

So anyone looking over you shoulder can't see your password.

#4 Demonic

Demonic
  • Members
  • PipPipPip
  • Advanced Member
  • 562 posts

Posted 10 September 2006 - 08:41 AM

yeah and when you refresh pasword field is left empty so your password wont be leaking the net :o

#5 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 September 2006 - 08:56 AM

also to add please also remeber to use md5 for the password within the code to prevent hacking.
<?php
$password=trim($password);
$password=addslashes($_POST['password']);
$password=md5($password);
?>

there are also meny other functions to encode php passwords the best to days date is to use md5 and salt but i think md5 ok.

good luck.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#6 Drezard

Drezard
  • Members
  • PipPipPip
  • Advanced Member
  • 244 posts

Posted 10 September 2006 - 09:05 AM

Then what do i do on the other end when im trying to access the password. Will it automatically un-encrypt it?

- Cheers, Daniel

#7 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 September 2006 - 09:07 AM

no md5 is one way encription you can not decript and also not show the password as the password the user put in the database.

if you need to show the password then i sugest you use mycript or you use base64_encript and base64_decript ok.

warning remember that base64 has been around for a long time and there are meny database websites with millions of cracked code that why we all use md5.

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#8 Drezard

Drezard
  • Members
  • PipPipPip
  • Advanced Member
  • 244 posts

Posted 10 September 2006 - 10:15 AM

How do i do that (Can u give me an example of it like encryption).

Thanks, Daniel

#9 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 10 September 2006 - 10:27 AM

The idea when using md5 is to encrypt the password before you insert it into the database.  When a user enters his username and password to log in, you encrypt the password again using md5, and then compare it with what's in the database.  You don't decrypt.

It means users cant have their old one sent to them if they forget it, but they can have it reset.

Regards
Rich
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#10 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 September 2006 - 10:34 AM

what example do you want m8.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#11 Drezard

Drezard
  • Members
  • PipPipPip
  • Advanced Member
  • 244 posts

Posted 10 September 2006 - 10:45 AM

Well if I use HuggieBear's example would there be any way to send users their password?

- Cheers, Daniel

#12 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 September 2006 - 10:49 AM

no.

a user will no there password what you need to do is add a colum in the database next to members and then send a link to the user to press the activate the account then the database gets example a yes in the new colum then the user can log in.

the only time you will ever need to do somethink with a md5 password is to update the database if the user has lost it.

good luck.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#13 extrovertive

extrovertive
  • Members
  • PipPipPip
  • Advanced Member
  • 235 posts

Posted 10 September 2006 - 05:44 PM

I noticed some membership sites where you lost you password, you have to reset it while for other sites, if you forgot your password, it will be sent to you.

The former in their database use some kind of hashing/encryption.

The latter are sites where they store your password directly in the database.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users