MySqli Authentication: How to Convert Text Password to Encrypted Password

Thread began 8/07/2018 10:28 am by administration282761 | Last modified 8/25/2018 1:02 am by Ray Borduin | 129 views | 10 replies |

administration282761

MySqli Authentication: How to Convert Text Password to Encrypted Password

I have a MySqli generated user authentication login system which currently uses text passwords.
1. I would like to add a new field to the DB table for an encrypted password and then update each user's password as encrypted. How do I input into this field via an update form using the appropriate security such as "crypt"?
2. With forgot password I would like to then be able to e-mail a link for the user to update their password.
3. Can I adapt my current login system or should I start over from scratch?

Ray Borduin (WebAssist)

First you would have to update your login and user update page to make sure they save an encrypted value in the database. I'd probably create a copy of the existing pages and edit them to get that working.

Then you can work on updating the login page to work with the newly registered users.

Then the final step would be to create the update password page and send out the emails to the existing users to update their passwords. Make sure your forgot password page uses the same reset password logic for users that might miss the email.

I wouldn't start from scratch, but it isn't a small amount of work to pull off with all of the pages affected.

administration282761

Insert / Update Encrypted Password

I need to build a new log-in system based on existing users. The issue I have is that I have three sections of our website that require a log-in and I have three different user tables. As some of the users have access to one or more sections, they have to log-in to each section separately. I would like to create just one table that manages all the passwords for all of the sections. I assume I can join the tables via the e-mail address field.

So I have created a new table that is already populated with existing user data.
If I add a new user, or update an existing user how do I add a new encrypted password - for example to the following insert code?

And, is there an advantage to use "crypt" instead of "hash" to encrypt the password?

$InsertQuery->bindColumn("new_password", "s", "".((isset($_POST["new_password"]))?$_POST["new_password"]:"") ."", "WA_DEFAULT");

Thanks

Ray Borduin (WebAssist)

You would just wrap the second reference to $_POST["new_password"] with the encryption function you want to use, like:

$InsertQuery->bindColumn("new_password", "s", "".((isset($_POST["new_password"]))?hash("sha256", $_POST["new_password"]):"") ."", "WA_DEFAULT");

administration282761

Thanks, Ray. I have the PW encryption working!

administration282761

I will probably need a premium support ticket on this. However, I have tried to update one of my log-in forms by joining the new table with an existing table using the common email address. However, I am getting "There is an error in your SQL syntax" when I try to log-in. So something is not right.

sa_user is my new table
class_admin is the data table I need to access
and
sa_password is the new encrypted password
class_email and sa_email are identical in both tables

Thanks for any help.
-----------------------------


<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$Authenticate = new WA_MySQLi_Auth($mysqli2);
$Authenticate->Action = "authenticate";
$Authenticate->Name = "user";
$Authenticate->Table = "sa_user";
$Authenticate->addFilter("sa_password", "=", "s", "".((isset($_POST["sa_password"]))?$_POST["sa_password"]:"") ."");
$Authenticate->addFilter("class_email", "=", "s", "".((isset($_POST["class_email"]))?$_POST["class_email"]:"") ."");
$Authenticate->storeResult("class_admin_id", "class_admin_id");
$Authenticate->AutoReturn = false;
$SuccessRedirect = "en/index.php";
$FailedRedirect = "log_in_failed_en.php";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();
}?>
<?php
$rsMarket = new WA_MySQLi_RS("rsMarket",$mysqli2,1);
$rsMarket->setQuery("SELECT * FROM class_admin INNER JOIN sa_users ON class_email = sa_email WHERE class_admin_id = ?");
$rsMarket->bindParam("i", "".(isset($_GET['class_admin_id'])?$_GET['class_admin_id']:"") ."", "-1"); //colname
$rsMarket->execute();
?>

Ray Borduin (WebAssist)

That usually means a column name is wrong. You can turn on debugging in your rsobj.php file and it may give you a better error.

administration282761

So far no luck with deciphering the Syntax error.

So I decided to test the encrypted password on an existing table where I added a new PW field: sa_password and then I updated a record with an encrypted password.

Using the same log-in page with the same MySQli authentication code and which I also changed the input form field name from member_password to sa_password

This code works using the password as pure text:

$Authenticate->addFilter("member_email", "=", "s", "".((isset($_POST["member_email"]))?$_POST["member_email"]:"") ."");
$Authenticate->addFilter("member_password", "=", "s", "".((isset($_POST["member_password"]))?$_POST["member_password"]:"") ."");

but this code using the new encrypted password does not:

$Authenticate->addFilter("member_email", "=", "s", "".((isset($_POST["member_email"]))?$_POST["member_email"]:"") ."");
$Authenticate->addFilter("sa_password", "=", "s", "".((isset($_POST["sa_password"]))?$_POST["sa_password"]:"") ."");

Does something else need to be changed in order for the encrypted password to be recognized?

Ray Borduin (WebAssist)

Yes, you would have to encrypt the password in the authenticate server behavior as well so you are comparing encrypted value to encrypted value. Currently you are looking up an unencrypted value.

administration282761

Thanks Ray,

I now have it working with this code:

$Authenticate->addFilter ("sa_password", "=", "s", "".((isset($_POST["sa_password"]))?hash("sha256", $_POST["sa_password"]):"") ."");

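Added example, not part of the thread and not WebAssist code: the thread ends with an unsalted SHA-256 digest matched by an equality filter in SQL, whereas PHP's built-in password_hash() produces a salted, deliberately slow hash that has to be checked with password_verify() in PHP after looking the row up by e-mail alone. The sketch below uses plain mysqli with the thread's sa_user / sa_email / sa_password names and upgrades legacy SHA-256 rows on the next successful login; the function names and the sample password are assumptions.

```php
<?php
// Added example (assumption: plain mysqli, not the WA_MySQLi_Auth class).
// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored value should be replaced.
function verify_and_upgrade(string $password, string $stored): array
{
    // A value produced by password_hash() reports a known algorithm.
    if (!empty(password_get_info($stored)['algo'])) {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $stale = password_needs_rehash($stored, PASSWORD_DEFAULT);
        return [true, $stale ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    // Legacy row: 64 hex characters written by hash("sha256", ...) as in the thread.
    $isLegacy = preg_match('/^[0-9a-f]{64}$/', $stored) === 1;
    if ($isLegacy && hash_equals($stored, hash('sha256', $password))) {
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [false, null];
}

function login(mysqli $db, string $email, string $password): bool
{
    // Filter on the e-mail only; the password is never part of the WHERE clause.
    $stmt = $db->prepare('SELECT sa_password FROM sa_user WHERE sa_email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return false;
    }
    [$ok, $newHash] = verify_and_upgrade($password, (string) $stored);
    if ($ok && $newHash !== null) {
        // Replace the legacy or outdated hash while the plaintext is still in hand.
        $up = $db->prepare('UPDATE sa_user SET sa_password = ? WHERE sa_email = ?');
        $up->bind_param('ss', $newHash, $email);
        $up->execute();
        $up->close();
    }
    return $ok;
}

// Constructed sample, runs without a database: a legacy row, then the upgraded row.
$legacy = hash('sha256', 'correct horse');
[$ok, $upgraded] = verify_and_upgrade('correct horse', $legacy);
[$okAgain, $unchanged] = verify_and_upgrade('correct horse', $upgraded);
var_dump($ok, $okAgain, $unchanged === null, verify_and_upgrade('wrong', $upgraded)[0]);
```

The sa_password column needs room for the longer hash string; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.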