using MD5 encryption

Hello,

I am sure that I have seen a post that contained this information previously, but I'll be darned if I can find it using the search function. ;)

I have some existing sites that were built using ADDT and I have been slowly switching them over to use WebAssist's (WA) extensions due to the rapid demise of ADDT. =[ RIP ADDT ]=

On most of these sites the last thing that I have to switch over is the user login, registration, activation, etc pages.

I remember seeing a post that explained how to use MD5 encryption with the WA SecurityAssist (SA) which would mean that none of my users would have to deal with their passwords not working - some sites have so many that I wouldn't want to deal with it. I can not for the life of me find that post anywhere.

Anyone have any feedback on how this can be done? :)

Heh.. thanks to Google I found it. :) showpost.php?p=19880&postcount=3

Any reason not to use this method currently?

  

Jason Byrnes

WebAssist Technical Support Manager
Join Date: Oct 2006
Posts: 13,805

On the registration page, double click the Insert record server behaivor. The password column is set to:

<?php echo ((isset($_POST["UserPassword"]))?$_POST["UserPassword"]:""); ?>

change that to;

<?php echo ((isset($_POST["UserPassword"]))?md5($_POST["UserPassword"]):""); ?>

You will also have to change the login page. on the Second page of the Authenticate user server behavior, change the password binding:

<?php echo ((isset($_POST["userpassword"]))?$_POST["userpassword"]:""); ?>

to:

<?php echo ((isset($_POST["userpassword"]))?md5($_POST["userpassword"]):""); ?>

  

That should do the trick... php has the built in md5() function you can use anywhere you need to.

Hi Ray,

Yes things look to be working well, in fact I have abandoned the Wizard pages so that I can create my own using DataAssist - I want more functionality than the standard SA ones offer.

My stumbling block now is on an administrative user update form - how do I get the password to update and encrypt when a value is entered but just leave the original password as is (it is already encrypted) if no entry is made in the password field (similar to the way that the hidden field default value works for the file upload behaviour.)

Has anyone overcome this issue?

<?php echo((isset($_POST["userpassword"]) && $_POST["userpassword"]!="")?md5($_POST["userpassword"]):$row_UpdateRS['passwordColumn']); ?>

(just make sure the update code chunk is below the UpdateRS recordset.)

Hi Ray,

Not sure what you mean by make sure the update code chunk and the updateRS recordset...

I think you mean make sure that the recordset is created before the update is enacted in the code order correct? :)

Correct... since you can't really "skip" the update, you end up updating the field but setting it to the current value from the recordset, which in effect is the same since the value doesn't change.

Yes, I see it now - that is exactly what I wanted to do. I never looked at that variable code very closely before but now I see that it is a ternary (sp?) operator. That makes things much more powerful. ;)

Now the last hurdle is that I have dual password fields to ensure that the password is entered correctly (pretty standard) and I am using WA Server Validation to make sure that they are the same before the password is inserted.

I guess that if I allow blank entry to pass here then this will all work. :)

Thank you very much.