Using the crypt function

Report · Oct 31, 2007

Hi, I have a login page and I want to encrypt the password. Do I have to encrypt it first and then put it in the DB? I already have one "regular text" user name and pass word in there to test and everthing works fine, I got restrict access to work on the admin page after login . So, my next step is to tighten up security a little. I searched around the web and could only find static examples of the crypt function like the one below. Not quite fitting what I need to do. I did read on another site where you would need to put the passwords in the DB already encrypted by PHP and then write a script to compare them. I don't neccessarily want to create encrypted passwords on the fly ( I think), as in the case of a new user type scenerio, just have a few users to login to this admin section and want these " ****** " to show up in the password form field.

Report · Nov 01, 2007

steevo2 wrote:
> Hi, I have a login page and I want to encrypt the password. Do I have to
> encrypt it first and then put it in the DB?

Yes. The best way to do this with PHP is to use the sha1() function,
which produces a 40-character encryption of a string. This means that
your password column in the database must be set to 40 characters wide.

Dreamweaver doesn't have a way to encrypt data before inserting it in
the database, so you need to do it manually. Put this at the top of the
page the contains the user registration form:

<?php
if (isset($_POST['password'])) {
$_POST['password'] = sha1($_POST['password']);
}
?>

> I did read on another site
> where you would need to put the passwords in the DB already encrypted by PHP
> and then write a script to compare them.

All you need to do is add the same code as above at the top of the page
that uses Dreamweaver's Log In User server behavior.

> want that ****** to show
> up in the password form field.

That is done by selecting Password as the Type for the input TextField
element in the Property inspector.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Report · Nov 01, 2007

HI David,

Thanks again. I put the code at the top of my page and changed the char length to 40. Oh , and password as input - type (duh), thought I had that in there, must have missed it. It works, but I am not sure it is getting encyrpted. Does it encrypt the value I had already set in the DB? I checked the DB after I tested a login session,and nothing is different except that the char length is set to 40, my password is only 6 char , which I set manually. I think I missed something obvious here.

Steve

Report · Nov 01, 2007

steevo2 wrote:
> Does
> it encrypt the value I had already set in the DB?

No. Any values already stored in the database will be unchanged. You
need to encrypt the password before it's inserted into the database.

You should also be aware of the fact that this is one-way encryption.
You cannot decrypt the password, which is why you compare two encrypted
versions. If anyone forgets their password, a new one needs to be generated.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Using the crypt function

1 Correct answer