password encryption

chinni_77

hello,

can somebody give me the links of some tutorials regarding to place a user id and password(in encrypted form) to access a directory and later i need to change the password too.

I've some idea about user authentication and i also worked on simple example like creating a table called users which has user name and password and if they are matched they are logged in.But, the password in the table is not in the encrypted form.

if somebody have an example, that would be also fine.

thanks in advance.

jowatkins

This uses the SQL encryption, someone else might be able to give you something better.

$insert_result = mysql_query("INSERT INTO users (username, password) VALUES ('$username', password('$password') )");

$check_result = mysql_query("SELECT * FROM users WHERE username='$username'and password = password('$password')");

$update_result = mysql_query("UPDATE users SET password = password('$new_password') WHERE username = '$username'");

Each time you refer to the password you just call it in the query as password($password)

alsaffar

First of all you need to create a table call it Users with UserName and Password fields.

When a user register with you, you'll insert his UserName and Password in Users table (Assume you're using a form for signing up and field's names are signUserName and signPassword):

<?

$EncryptedPassword = md5($_POST[signPassword]);
$UserName = $_POST[signUserName];

$Query = "INSERT INTO Users (UserName, Password) VALUES ('$UserName','$EncryptedPassword')";

$Result = mysql_Query($Query);

?>

and when you the user wants to login, just check his UserName and Password (Assume you're using a form for login and the field's names are loginUserName and loginPassword):

<?

$UserName = $_POST[loginUserName];

$Query = "SELECT Password FROM Users WHERE UserName = '$UserName'";
$Result = mysql_query($Query);

$EncryptedPassword = md5($loginPassword); 
$row = mysql_fetch_array($Result);
$PasswordFromDB = $row[0];
if ($EncryptedPassword == $PasswordFromDB)
{
echo "You're logged in!";
}
else
{
echo "You're not authorized";
}
?>

I hope this will help you.

chinni_77

Thanks alsafar!

I made some modifications because of the change in the PHP version and itz working fine.Now, after successfully logging in, i would like to change my password.
I.e, first, i would like to type the old password and new password, re-enter the new password.
If the old password is the same as that is exsisting in the table and if the new-password and the re-entered password is same, then the table should be updated with the new password.
There would be only one user in the table, that is admin.

do you have any idea how we can implement this one.

Thanks in advance!

alsaffar

AnyTime chinni 😉

Well to solve ur password editing problem u'll need this script:

<?
// Assuming that the password that is stored in the database is encrypted
$Query = "SELECT Password FROM Users WHERE UserName='$HTTP_POST_VARS[UserName]'";
$Result = mysql_query($Query);
$Row = mysql_fetch_array($Result);
$PasswordFromDB = $Row[0];

// Assuming that you have 4 fields in your form, [B]editOldPassword[/B], 
// [B]editNewPassword[/B], [B]editNewPasswordConfirm[/B] 
// and the [B]UserName[/B] where you store it some where 
// in a cookie or a session just to retrieve some info from your DB

   if ($HTTP_POST_VARS[editOldPassword])
   { 
      if (md5($HTTP_POST_VARS[editOldPassword]) != $PasswordFromDB) 
      {
         print "<script language=\"JavaScript\">\n";
         print "{\n";
         print "alert(\"Sorry, the old Password isn't correct, please try again\");\n";
         print "history.back();\n";
         print "}\n";
         print "</script>\n";
      }
      else
      {
         if ($HTTP_POST_VARS[editNewPassword] != $HTTP_POST_VARS[editNewPasswordConfirm])
         {
            print "<script language=\"JavaScript\">\n";
            print "{\n";
            print "alert(\"Sorry, but your new password isn't matched, please recheck\");\n";
            print "history.back();\n";
            print "}\n";
            print "</script>\n";
         }
         else
         {
         $EncryptedPassword = md5($HTTP_POST_VARS[editNewPassword]);
         $Query = " UPDATE Users SET Password = '$EncryptedPassword' WHERE UserName='$HTTP_POST_VARS[UserName]' ";
         $Result = mysql_query($Query);
         }
      }
   }

?>

Hope this will solve your puzzle 🙂

chinni_77

hello alsafar!

today morning i tried to do it my self and i was successful partially.That is, i am able to update the old password after checking if the password entered twice is the same. here it goes my script.

<?

 include "dbconnection.ini";
	if ($submit){
    if ($newpassword <> $newpassword2){ 
        echo "passwords do not match. please re-enter passwords!"; 
    //exit;
    }else{  

         $sql="update TBL_USER set USER_PASSWORD= '".md5($newpassword)."' where USER_NAME ='admin'";

     $result=ibase_query($connection,$sql); 
}
if (!$result){ 
    echo "Error executing the update statement. <br />Interbase Reported:".ibase_errmsg()." <br/>".
	"SQL=$sql_update<br />\n";
}else { 
    echo "Password successfully changed!"; 
} 

} else {
echo"<form action=\"$PHP_SELF\" method=\"POST\">\n";
echo"<h4>Change administrator password</h4>";
echo"New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"password\" name=\"newpassword\"><br> ";
echo"Repeat new pasword:&nbsp;&nbsp;&nbsp;<input type=\"password\" name=\"newpassword2\"><br> ";
//echo"<input type=\"hidden\" value=\"$USER_NAME\" name=\"username\">";
echo"<input type=\"submit\" value=\"submit\" name=\"submit\">";
echo"</form></body></html>"; 
}

?>

I would like to compare your script with mine in order to make it work by checking the old password too.then, i'm done with my script.
thank you so much and have a nice weekend!;-)