Jump to content

Problems encryping a password

blue_smartie

By blue_smartie
in PHP Coding Help

 Share

Recommended Posts

blue_smartie Newbie

blue_smartie

Posted
Posted

Hello all, I a have been using PHP for about 6 months now, but I am having trouble working out why the following code doesn't work.

 

I have this query which should put an encypted password into my database, but it just sends it in plain text.

 

$query=("update user_security set password=password('" . $new_pass . "') where username = '" . $row['username'] . "'");

Here is the output from echoing the query

 

update user_security set password=password('wddEejBDmDA') where username = 'douggy_1'

 

When I look at the database all that in the password field is wddEejBDmDA but I would like it encrypted.

 

I have spent hours trying to sort this any help would be greatly appreciated.

Thanks

(Not sure if I should have posted this in the MySQL section, sorry, new to all this.)

Link to comment
https://forums.phpfreaks.com/topic/236534-problems-encryping-a-password/
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Its likely that you are either not executing the query in your code or the query produces an error and doesn't run. What is your whole code.

 

Also, you should NOT use the mysql password() function to do this -

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

 

And, if you are doing this for all the rows in your table, you don't need any php code to retrieve and loop through all the usernames. You can use ONE single UPDATE query to update all the rows at once. An update query without a WHERE clause will operate on all the rows in your table at once.

blue_smartie Newbie

blue_smartie

Posted
  • Author
Posted

Hi thanks for the reply, here is the code.

The query must execute as the database is updated, its just the password is in plain text. I'm really new to the world of computer programming, so I should be using the md5() function then?

 

<?php
session_start();
include ("registration_functions.php");
db_connect();
//declare variables
$query = ("select * from user_details where email = '" . $_POST['security2'] . "'");
$result = mysql_query($query);
$row = mysql_fetch_array($result);
echo $query;
echo "<br />";
$query=("select * from user_security where username = '" . $row['username'] . "'");
$result=mysql_query($query);
echo $query;
echo "<br />";
$row = mysql_fetch_array($result);
if ($row['security_answer']==$_POST['security1']){
  $query=("insert into previous_passwords (username, old_passwords) values ( '" . $row['username'] . "','" . $row['password'] . "')");
  $result=mysql_query($query);
  echo "<br />";
  echo $query;
  $new_pass=password_generator(); 
  $query=("update user_security set password=password('" . $new_pass . "') where username = '" . $row['username'] . "'");
  $result=mysql_query($query);
  echo "<br />";
  echo $query;
  $to = $_POST['security2'];
  $subject = "Temporary password request";
  $body = "Your password has been reset, here is your new temporary password ". $new_pass;
  if (mail($to, $subject, $body)) {
    $content=$to . "--" . $subject . "--" . $body;
    $query=("insert into emails (username, email_address, subject, content) values ('" . $_POST['username'] . "','" . $to . "','" . $subject . "','" . $body . "')");
    $result=mysql_query($query);
    echo("<p>A new temporary password has been sent to " . $_POST['security2'] . "</p>");
    }
  }
else echo "error";



?>

 

 

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

There's no way the posted update query is putting the $new_pass value into the table. Either that's not your actual code that is being executed on your server or you have some other code on the page that is doing set password='$new_pass' Are you sure you saved the code you posted to the server?

blue_smartie Newbie

blue_smartie

Posted
  • Author
Posted

The only other code connected to this script is the functions page (to connect to my db and to generate the random passwords) and the page containing the form (purely a request for new password form).

 

This is the whole script, each time I execute it, a new password is created and inserted into my database but in plain text.

 

Sorry I hope that makes sense.

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Are you sure you are looking in the correct table?

 

Again, computers only do exactly what their code tells them to do. If you echoed the $query string and the value shown for $new_pass is what gets updated in the user_security table, either that's not the actual code or the values you are looking at are not actually the same between what was echoed and what is in the table or you are not looking in the correct table.

blue_smartie Newbie

blue_smartie

Posted
  • Author
Posted

Hi, I've ran the script again and double checked everything and it now seems to be encrypting the password and inserting it into the database like I wanted despite the fact I have not made a single change. Really sorry to waste your time, your help was much appreciated.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.