Using SHA1 with password


phil.evans372967
05-15-2009, 04:24 AM
Hi all

Has anyone adapted the sign up, login and forgotten password pages to work with SHA1? If so could you give me some help in getting it all to work together?

With thanks

Phil

Ray Borduin
05-15-2009, 07:11 AM
Where are you having difficulty? What is the problem you are having? What have you tried?

phil.evans372967
05-15-2009, 08:46 AM
Hi Ray

I've set up my users database table and run the securityassist wizard to create the register, login and send password pages, and that all works a treat, but I want to change my code to be able to hash the passwords at register, login and email password.

Thanks

Phil

Ray Borduin
05-15-2009, 08:50 AM
In the bindings tab there is a formatting option. You can add SHA1 encryption to any value from there.

You would just update the bindings and add encryption on the four pages you specified.

phil.evans372967
05-15-2009, 09:32 AM
Hi Ray,

I can't see any option under the bindings tab. Should it be a sub menu of securityassist?

Thanks

Phil

Ray Borduin
05-15-2009, 09:59 AM
When you click a lightning bolt from an insert, update, or other server behavior... you should see a format dropdown list below the tree where you select the binding.

phil.evans372967
05-15-2009, 10:27 AM
I'm trying to do my login page first

prop_users_LogIn.php

which has a form called WAATKLogInForm with username and password fields

but I can't see anything in the bindings panel that will allow me to change the formatting to SHA1. I'm using CS3

Thanks

Phil

Ray Borduin
05-15-2009, 10:29 AM
You should be editing the server behavior and clicking the lightning bolt where you bind the password value.

phil.evans372967
05-15-2009, 11:13 AM
Gotcha! Thanks Ray. Easy when you know how.

Thanks again

Cheers

Phil

phil.evans372967
05-15-2009, 11:34 AM
Me again, sorry to pester you with this. How can I achieve the reverse so that when the retrieve password email is sent it's converted back from SHA1?

Thanks
Phil

phil.evans372967
05-15-2009, 11:38 AM
This is what I get in the body of my email

Your login details are as follows

User name: bigphil62@gmail.com
Password: da06a0225460dd13c808c2751502803b37501978

Ray Borduin
05-15-2009, 12:00 PM
You can't convert back from SHA1. It is a one-way encryption.

Lost password in an SHA1 encrypted scenario has to give someone hints, or allow them to reset the password.

The reason why SHA1 is so good for security is that you can't unencrypt it.
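
The reset route mentioned in the last reply, as an added example (not part of the thread and not SecurityAssist's generated code): instead of mailing the stored hash, the site mails a one-time link token and lets the user choose a new password. The `$users` array, its column names and both function names are hypothetical, and the new password is stored with PHP's `password_hash()` rather than the SHA1 formatting used in the thread.

```php
<?php
// Constructed in-memory stand-in for the users table (hypothetical columns).
$users = [
    'user@example.com' => ['pw_hash' => password_hash('old-password', PASSWORD_DEFAULT),
                           'reset_hash' => null, 'reset_expires' => 0],
];

// Step 1: the user asks for a reset. Returns the token to embed in the emailed link.
function startReset(array &$users, string $email, int $now): ?string {
    if (!isset($users[$email])) {
        return null;                       // caller shows the same message either way
    }
    $token = bin2hex(random_bytes(32));    // 256-bit random, single-use token
    // Store only a hash of the token, so a database leak does not expose live links.
    $users[$email]['reset_hash']    = hash('sha256', $token);
    $users[$email]['reset_expires'] = $now + 3600;   // valid for one hour
    return $token;
}

// Step 2: the user follows the link and submits a new password.
function finishReset(array &$users, string $email, string $token, string $newPw, int $now): bool {
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']) {
        return false;                      // unknown user, no pending reset, or expired
    }
    // Constant-time comparison of the stored hash with the hash of the presented token.
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    $users[$email]['pw_hash']       = password_hash($newPw, PASSWORD_DEFAULT);
    $users[$email]['reset_hash']    = null;   // the token cannot be replayed
    $users[$email]['reset_expires'] = 0;
    return true;
}

// Walk through the flow: a wrong token fails, the real one works once, a replay fails.
$now   = time();
$token = startReset($users, 'user@example.com', $now);
var_dump(finishReset($users, 'user@example.com', 'wrong-token', 'new-password', $now));
var_dump(finishReset($users, 'user@example.com', $token, 'new-password', $now));
var_dump(finishReset($users, 'user@example.com', $token, 'another-password', $now));
var_dump(password_verify('new-password', $users['user@example.com']['pw_hash']));
```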