Hello, all.
In the past, I always used HASH to encrypt the password for
users; all I needed to do was to check the HASHed value from login
and compare to what is in the db - simple.
Now I have a client that would like to add a password
retrieval system to the site. I'm having difficulties with the
values never being the same. Originally I tried encrypting with
BLOWFISH, but that didn't work for decrypt. Here is the code I
have, so far:
APPLICATION.CFM:
<cfset request.cryptAlgorithm = "DESEDE">
<cfset request.cryptEncoding = "HEX">
<cfset request.cryptKey =
GenerateSecretKey(request.cryptAlgorithm)>
<cfset request.cryptPhrase = "Eightcha">
LOGINACTION.CFM
<cfset session.user.password =
URLEncodedFormat(Encrypt("#trim(form.password)#", request.cryptKey,
request.cryptAlgorithm)) />
<cfset session.user.SQLpassword =
trim(replace(session.user.password,"'","''","all")) />
<cfquery name="checkLogin" dbtype="odbc"
datasource="#request.data_source#">
EXEC check_login @Deleted User='#trim(session.user.username)#',
@pw='#trim(session.user.SQLpassword)#'
</cfquery>
<cfdump var="#checkLogin#"><cfabort>
I'm dumping the results of the query and aborting to view the
values; the password is always changing. How can I keep the value
always the same?
Thanks,
^_^
28
Replies
AdChoices