[SOLVED] Password Encrypt!

[The Saint]

Can someone tell me why my database is encrypting passwords, changing into numbers and lettters. The reason this effects me is because when i try to log in the database only allows me to log in with the encrypted pass. How do i change it so it dosen't code it?

[dbo]

It's only doing what you tell it to. Either your create user code is telling it to encrypt or you're encrypting it with some sort of MySQL encryption function. Figure out why it's being encrypted then we can help you go from there.

[The Saint]

It's only doing what you tell it to. Either your create user code is telling it to encrypt or you're encrypting it with some sort of MySQL encryption function. Figure out why it's being encrypted then we can help you go from there.

 

 

i know i tried all the combinations i dont know what setting it needs to be on

[dbo]

Are you using a form to create the new users/passwords or doing it through a database admin interface such as phpMyAdmin?

[The Saint]

Are you using a form to create the new users/passwords or doing it through a database admin interface such as phpMyAdmin?

 

 

 

yea when i sign up the passwords go to my tables in phpmyadmin i dont want to uncrpty all the passes to lose security but only uncrypt the passwords that are sent to db user table USERS

[dbo]

So you're saying that you specified some sort of encryption in the DB then?

[dbo]

Typically I use either crypt and md5 hashes to encrypt the passwords when putting them into the database (these functions are non-reversable and very secure when used appropriately). Then the trick is encrypting the password that the user gives you and comparing encrypted to encrypted instead of trying to encrypt/decrypt anything. Theres no need to store passwords clear text.

[The Saint]

So you're saying that you specified some sort of encryption in the DB then?

 

yes exactly i was playing around with this thing and u could edit fields,type,lengths , ect and i kept tryna see what happened it changed but didnt show so if this would change what do i have to change it too

[The Saint]

Typically I use either crypt and md5 hashes to encrypt the passwords when putting them into the database (these functions are non-reversable and very secure when used appropriately). Then the trick is encrypting the password that the user gives you and comparing encrypted to encrypted instead of trying to encrypt/decrypt anything. Theres no need to store passwords clear text.

 

Well that is a problem  because itll only allow me to log in with the encrypted password

[dbo]

Well I believe that the MySQL encryption stuff is reversable so in theory you could run a query specifying the appropriate decryption function to pull out all the current usernames and passwords.

 

I still think the md5/crypt approach is way better for passwords.

[The Saint]

Well I believe that the MySQL encryption stuff is reversable so in theory you could run a query specifying the appropriate decryption function to pull out all the current usernames and passwords.

 

I still think the md5/crypt approach is way better for passwords.

 

 

could u possibly make one for me, ovarall view is i sign up, try and log in it dont work. end of story lol

[dbo]

I don't know the encryption functions you're using and the "salt" being passed to them.

[The Saint]

I don't know the encryption functions you're using and the "salt" being passed to them.

 

 

php is very complicated :-\ why is it even encrypted any if i am the person at localhost

[dbo]

Argh, it doesn't sound like PHP is encrypting anything... it sounds like the database. Without knowing what you've done it's really hard to say. I don't know what version of MySQL you're using but some of this may or may not help you. It varies slightly depending on version.

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

[The Saint]

Argh, it doesn't sound like PHP is encrypting anything... it sounds like the database. Without knowing what you've done it's really hard to say. I don't know what version of MySQL you're using but some of this may or may not help you. It varies slightly depending on version.

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

 

nothing there i understood

[dbo]

Heh, well without knowing everything that you've done I'm not sure that I can help you... sorry buddy.

[The Saint]

Heh, well without knowing everything that you've done I'm not sure that I can help you... sorry buddy.

 

well is there ANYONE her have any possible other solutions wont hurt to try

[dbo]

Give some more details on the situation. You're not giving a lot to work with.

[The Saint]

Give some more details on the situation. You're not giving a lot to work with.

 

 

Okay ive went throught ALOT just to create a basic form

 

 

Here are all my files

 

<a href="http://thesaintcodes.eamped.com/post6.html#6">register.php</a>

<a href="http://thesaintcodes.eamped.com/post7.html#7">login.php</a>

<a href="http://thesaintcodes.eamped.com/post8.html#8">do_login.php</a>

<a href="http://img523.imageshack.us/img523/6455/taskjk1.png">db:user table:users(snapshot)</a>

<a href="http://img106.imageshack.us/img106/650/images1td1.png">Browse Table(Snpashot Fullscreen)</a>

 

 

 

[dbo]

$password = md5($password);

 

in register.php this is where you are encrypting it.

 

So when you're doing your select you simply need to encrypt the raw data so that you are comparing apples to apples (encrypted to encrypted) rather than (raw to encrypted) which won't work. Furthermore you should salt crypt/md5 hashes or they can and probably will be cracked.

[The Saint]

$password = md5($password);

 

in register.php this is where you are encrypting it.

 

So when you're doing your select you simply need to encrypt the raw data so that you are comparing apples to apples (encrypted to encrypted) rather than (raw to encrypted) which won't work. Furthermore you should salt crypt/md5 hashes or they can and probably will be cracked.

 

 

???  uhm confused so what do i need to change about $password = md5($password); <--that?

[dbo]

blah, you're killing me. You didn't write any of this script did you?

 

In you're do_login.php file change:

 

$sql = "SELECT id FROM users
WHERE username='".$_POST[username]."'
And password='".$_POST[password]."'"; 

 

to

 

$sql = "SELECT id FROM users
WHERE username='".$_POST[username]."'
And password='". md5($_POST[password]) ."'"; 

 

and it should work. That being said, without a salt this is definately not the best way to do it... but it should let you login.

[The Saint]

blah, you're killing me. You didn't write any of this script did you?

 

In you're do_login.php file change:

 

$sql = "SELECT id FROM users
WHERE username='".$_POST[username]."'
And password='".$_POST[password]."'"; 

 

to

 

$sql = "SELECT id FROM users
WHERE username='".$_POST[username]."'
And password='". md5($_POST[password]) ."'"; 

 

and it should work. That being said, without a salt this is definately not the best way to do it... but it should let you login.

 

 

haha yea lemme try it sorry im like a n00b compared to this i only help people with basic logic

[dbo]

And please continue to do so.

 

I dunno it's a matter of opinion I guess but I personally will not use anyone else's scripts without knowing exactly how they work. Without knowing you can't do maintenance, debug... and there could be security holes. If you want to use scripts available online or whatever it's fine but I'd suggest you make sure you understand the logic before going live with them.

[The Saint]

And please continue to do so.

 

I dunno it's a matter of opinion I guess but I personally will not use anyone else's scripts without knowing exactly how they work. Without knowing you can't do maintenance, debug... and there could be security holes. If you want to use scripts available online or whatever it's fine but I'd suggest you make sure you understand the logic before going live with them.

 

Topic Solved! HAHA ur BALLIN Thankks for the help