Stinky Starfish escreveu:
> Hello all,
>
> I have done some searching on the forums, but I don't
see anyone with quite
> the same issue I'm experiencing.
> I'm having an issue, with the way the password is
checked with the server.
>
> When connected to the server I can see the users
passwords are encrypted. When
> the users password is normally entered, the log in
fails.
> I.E. User1 Password123
>
> However, if the hash string is entered, the login is
successful.
> I.E. User1 8fb188f854ff0f1f8200c631ff9158dd
Probably it has an error of programming.
Passwords are recorded in data bases, never encrypted, but,
yes,
codified. ( sha, md2, md4, md5, crc, etc... hashing ).
When an user enters a password, and this uses one of these
processes of
codification to be recorded in the data base, the entered
password must
be compared with this codified value.
The form used to get the password, must have a routine of
conversion for
the used hash and, this hash is what must be verified!
>
> I hope that makes sense
>
> This is a working data base, from a forum a friend and
me use. It seems like
> there is a authentication step missing, but I'm not sure
where. Can anyone help
> please. =-/
>
And now, it makes sense for you?
--
zerof
http://www.educar.pro.br/
Apache - PHP - MySQL - Boolean Logics - Project Management
----------------------------------------------------------
Você deve, sempre, consultar uma segunda opinião!
----------------------------------------------------------
Deixe todos saberem se esta informação foi-lhe
útil.
----------------------------------------------------------
You must hear, always, one second opinion! In all cases.
----------------------------------------------------------
Let the people know if this info was useful for you!
----------------------------------------------------------
2
Replies
AdChoices