Password Encryption

trinitywave

Hi every one, i cannot figure out how to encrypt a password when enterring into the database.... This is my code if anyone can help me out please let me know...

<?php require_once('../Connections/nordeggrocks.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;

case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO tb_clients (Username, Password) VALUES (%s, %s)",
GetSQLValueString($HTTP_POST_VARS['Username'], "text"),
GetSQLValueString($HTTP_POST_VARS['Password'], "text"));

mysql_select_db($database_nordeggrocks, $nordeggrocks);
$Result1 = mysql_query($insertSQL, $nordeggrocks) or die(mysql_error());

$insertGoTo = "administrationtools.php";
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td nowrap align="right">Username:</td>
<td><input type="text" name="Username" value="" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Password:</td>
<td><input type="text" name="Password" value="" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right"> </td>
<td><input type="submit" value="Insert Record"></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1">
</form>
<p> </p>

</body>
</html>

Any ideas on how to encrypt the password enterred into mysql

drew010

sql has its own crypt function for storing passwords. its usable just by doing "INSERT INTO whatever VALUES('name', 'email', password('password'), 'date')"

trinitywave

How would i enter this in this scrypt

i keep getting this error

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '('password'))' at line 1

laserlight

You're getting an error because you're using reserved words, e.g. password, in your query.

You need to change it, e.g.

$insertSQL = sprintf("INSERT INTO tb_clients (`Username`, `Password`) VALUES ('%s', password('%s'))",
	GetSQLValueString($HTTP_POST_VARS['Username'], "text"),
	GetSQLValueString($HTTP_POST_VARS['Password'], "text"));

saidbakr

🙂 Ok, that's so nice.
Now the password value is encrypted inside the database using password function of sql.
So what's happened when I would like to retrieve its value again?

laserlight

Read the other thread.