Link to home
Start Free TrialLog in
Avatar of hiepho
hiepho

asked on

how to query and edit Password field

i have a simple table like this: name, address, email, password.
i insert records using password encryption like so ... PASSWORD('$password')
the password is "test" and it looks something like this "378b243e220ca493" when it is stored in mysql

i have an edit page and when i query a record the password field is displayed "378b243e220ca493". i want it to display "test" instead so that i can edit it.



ASKER CERTIFIED SOLUTION
Avatar of gamebits
gamebits
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Richard Davis
Richard Davis
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of soapergem
soapergem
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of tolgaong
tolgaong
Flag of Türkiye image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of soapergem
soapergem
Flag of United States of America image
So what tolgaong is saying here is that instead of using the MySQL function PASSWORD(), you should use the PHP function encrypt() that he just defined in his comment. So you would make your queries like this:

"SELECT * FROM users WHERE username = '$username' AND PASSWORD = '" . encrypt($key, $password) . "'";

Then you can actually retrieve this data and decrypt it using the PHP function decrypt() that he defined above. You could decode passwords using a query like this:

"SELECT password FROM users WHERE [something something something]"

And then with the MySQL result, you could get the password like this:

$password = decrypt($key, $rowset[0]['password']);

---------------------------------------------------------------------------------------------

But all-in-all, that's very complicated. To top things off, as tolgaong has already astutely pointed out, you'd have to make sure that your webserver supports the mcrypt_ functions in PHP. Why do you need to decrypt passwords anyway? It's MUCH simpler to just use one-way encryption and then forget about them.