Solved

Crypting cooking information!

Posted on 2004-08-31
8
263 Views
Last Modified: 2013-12-12
Ok this is what I did:
1. Put the $username, Crypt($password) in the cookie file
2. When I read it, I need 2 verify the same password with the one on MySQL database but I see that mysql has no Crypt function!

Is there any other way of doing the same thing that I have mentioned here!
0
Comment
Question by:Xtry
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Expert Comment

by:llcooljayce
ID: 11944596
Hi Xtry,

Try using md5() instead of crypt

Cheers!
0
 

Author Comment

by:Xtry
ID: 11944749
is md5 1 way encryption?
0
 
LVL 4

Assisted Solution

by:llcooljayce
llcooljayce earned 50 total points
ID: 11944792
I believe so.  You can go to www.php.net/md5 to find out how to impliment it
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 27

Accepted Solution

by:
Diablo84 earned 200 total points
ID: 11945094
Strictly speaking MD5 is a hash (not encryption), it is the most common method of storing passwords in a cookie however as the original value cannot be recovered it depends on the password being stored in the database as an MD5 hash.

So you have two options, one is to update your database with all the passwords as an MD5 hash and then use md5($password) when you store the balue in the cookie. The other is to use an alternative method using base64 to encode the value.

when you set the cookie use base64_encode($password) and when you read from the cookie use base64_decode to retrive the original value. This is not what base64 encoding was designed for however it will work for this purpose and will mean less changes to your system.

http://www.php.net/manual/en/function.base64-encode.php
http://www.php.net/manual/en/function.base64-decode.php
0
 
LVL 10

Assisted Solution

by:frugle
frugle earned 250 total points
ID: 11946876
Diablo, base64 encoding passwords is a pretty inefficient way to store passwords, as it is easy to spot base64 encoding and most people can decode base64 in their heads.

The correct technique to do is use one-way encryption (crypt or md5) and store the result.

Take the input from the user, encrypt it with the same salt, and compare the resulting string with the stored string.

If the two strings are the same, the password must have been correct.

The benefit of md5 is that both php and mysql can do it.

Mike
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11947308
@ frugle

Agreed with regards to base64, MD5 is the better method but described above it will mean more modification to the system so i was looking towards an easier alternative.

>> most people can decode base64 in their heads

Maybe so for advanced computer literate users but I doubt most computer users have even heard of base64 (refering to the average user)... and for that matter probably wont know that much about cookies. The actual cookie is also restricted to the local machine so its not that easily accessible.

Nonetheless i am not promoting using base64, MD5 should be used but as i said before it means updating the password field in the database rather then just modifying the script.

0
 

Author Comment

by:Xtry
ID: 11949852
Cant I just do something like encrypt the password with MD5 and rather than changing all the passwords in the database do this:

SELECT * FROM `userdb` WHERE `username` = '$usernameFromCookie' AND md5(`password`) = '$md5EncryptedPasswordFromCookie';
0
 
LVL 10

Assisted Solution

by:frugle
frugle earned 250 total points
ID: 11950456
as long as the password in the cookie is the same as the crypted password that's stored in the database, yes.

you could also quickly md5 all your passwords in your database by performing an update query:

update table set `password` = md5(`password`);

WARNING: this operation is unreversible - backup your data first.

Mike
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question