Encrypting Passwords (Insert Records/Authenticate)

How do I encrypt passwords and insert them into a database and then export them out to authenticate? Under Security Assist, there are no options listed. Thank you.

The encryption options are displayed in the bindings window in the "Format" select list. If you open your webassist insert record server behavior and click the lightning bolt to set a value for a column. The bindings window will open with a "Format" option. That should have the encryption options listed in it. If they aren't listed let me know and I can help you get them added back in.

The only options are text, integer, double, date, checkbox. So, it looks like I am missing those. When it comes to authenticating the user, is there an option on that side on the login screen that I also should see to decipher the encryption?

The dropdown is in the popup after clicking the lightning bolt. I think you are looking at the wrong list.

Oh. I see it. For a password, would I choose Encode: HTML Encode? I have alphacase, encode, and trim as the options.

You should have more options.

Try replacing the file in your local user's configuration folder for Dreamweaver CS4:
C:/Users/[YOUR USERNAME]/AppData/Roaming/Adobe/Dreamweaver CS4/en_US/Configuration/ServerFormats/PHP_MySQL/Formats.xml

That worked. I see Encryption hashed on there. So, my next issue is that since this is a live site, there are already passwords in the database saved with out being hashed. Do I have to convert them somehow for the system to be able to authenticate these now before I change the Insert record and authenticate code to use the Encrypt: hash format?

Do I just run this on the database:

update nameoftable set password=sha1(password) where 1;

Also when selecting that format should the binding code be different then this? This is what I get.

$UpdateQuery->bindColumn("password", "s", "".((isset($_POST["password"]))?$_POST["password"]:"") ."", "WA_IGNORE");

I'd back up the database first, since that would be a disaster if it didn't work properly or if you accidentally ran the query twice, but yes.

Honestly I'd create a copy of the table and then create a second login page to make sure everything works with the second table before making any changes live.

Ok. I will give that a try. Thanks

I copied the table in the database and converted them to hash. I made a test login page and It doesn't seem to work. Any thoughts?. I did a test and here is the login code:

<?php
if (isset($_POST["submit"]) || isset($_POST["submit_x"])) {
$Authenticate = new WA_MySQLi_Auth($sdpc_i);
$Authenticate->Action = "authenticate";
$Authenticate->Name = "sdpc_login_test";
$Authenticate->Table = "users2";
$Authenticate->addFilter("username", "=", "s", "".((isset($_POST["username"]))?$_POST["username"]:"") ."");
$Authenticate->addFilter("password", "=", "s", "".((isset($_POST["password"]))?$_POST["password"]:"") ."");
$Authenticate->AutoReturn = false;
$SuccessRedirect = "index.php";
$FailedRedirect = "error.php";
if (function_exists("rel2abs")) $SuccessRedirect = $SuccessRedirect?rel2abs($SuccessRedirect,dirname(__FILE__)):"";
if (function_exists("rel2abs")) $FailedRedirect = $FailedRedirect?rel2abs($FailedRedirect,dirname(__FILE__)):"";
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;
$Authenticate->execute();
}
?>