CodeCharge Studio
search Register Login  

Visual PHP Web Development

Visually Create Internationalized Web Applications, Web Reports, Calendars, and more.
CodeCharge.com

YesSoftware Forums -> Archive -> GotoCode Archive

 MD5 password encryption

 Print topic Send topic

Author Message
Headhunter
Posted: 04/21/2003, 2:28 PM
I have 2 problems:

1st:

Changing a user password with MD5 encryption works only in update form and not in insert form. I do not know where to add the MD5 encryption.

Modified update method (working):

//Update Method @32-C955144C
function Update()
{
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeBuildUpdate");
$this->SQL = "UPDATE users SET "
. "login=" . $this->ToSQL($this->login->GetDBValue(), $this->login->DataType) . ", "
. "`password`=md5(" . $this->ToSQL($this->password->GetDBValue(), $this->password->DataType) . "), "
. "name=" . $this->ToSQL($this->name->GetDBValue(), $this->name->DataType) . ", "
. "email=" . $this->ToSQL($this->email->GetDBValue(), $this->email->DataType) . ", "
. "grp_id=" . $this->ToSQL($this->grp_id->GetDBValue(), $this->grp_id->DataType) . ", "
. "inactive=" . $this->ToSQL($this->inactive->GetDBValue(), $this->inactive->DataType);
$this->SQL = CCBuildSQL($this->SQL, $this->Where, "");
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeExecuteUpdate");
$this->query($this->SQL);
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "AfterExecuteUpdate");
if($this->Errors->Count() > 0)
$this->Errors->AddError($this->Errors->ToString());
$this->close();
}
//End Update Method


Unmodified insert method (don't know where to add it)

//Insert Method @32-EA979F7F
function Insert()
{
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeBuildInsert");
$this->SQL = "INSERT INTO users ("
. "login, "
. "`password`, "
. "name, "
. "email, "
. "grp_id, "
. "inactive"
. ") VALUES ("
. $this->ToSQL($this->login->GetDBValue(), $this->login->DataType) . ", "
. $this->ToSQL($this->password->GetDBValue(), $this->password->DataType) . ", "
. $this->ToSQL($this->name->GetDBValue(), $this->name->DataType) . ", "
. $this->ToSQL($this->email->GetDBValue(), $this->email->DataType) . ", "
. $this->ToSQL($this->grp_id->GetDBValue(), $this->grp_id->DataType) . ", "
. $this->ToSQL($this->inactive->GetDBValue(), $this->inactive->DataType)
. ")";
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeExecuteInsert");
$this->query($this->SQL);
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "AfterExecuteInsert");
if($this->Errors->Count() > 0)
$this->Errors->AddError($this->Errors->ToString());
$this->close();
}
//End Insert Method

2nd:

When I edit a user in a record form, inclusive password, and I don't change the password, the 32 character long text in the password field from the encrypted password is encrypted again when submitted (offcourse) and thus re-encrypted so the password is changed and isn't corect anymore.

Am I doing something wrong? Do I need to make another 2 forms for it? 1 for editing the user without password field and 1 for changing the password? Are there any other possibilities?

Thanx in advance

http://www.dbweaver.com
JD
Posted: 04/22/2003, 11:36 AM
on the insert form

This is how I do it, I can't seem to find the md5 encrypt above.

in the custome code section

global $formname;

$formname->fieldname->SetValue(crypt([enter the same number here], $formname->fieldname->Value));

This will crypt the password and enter the password in the database. To match the value in the database crypt or md5 the value you want to match.

For the edit form.

You need to make a seperate form for password changes. pass the userid in a seesion variable to pull the correct user. In a before show set the values to blank.

This is the way that I accomplish what I think you are asking for in my projects. Hope this helps.

J.D.
Provident Bank
Headhunter
Posted: 04/22/2003, 2:32 PM
Found sollution:

in Common.php search the following line:

$SQL = "SELECT id, grp_id FROM users WHERE login=" . $db->ToSQL($login, ccsText) . " AND `password`=" . $db->ToSQL($password, ccsText);

And change to: (look at the md5 section)

$SQL = "SELECT id, grp_id FROM users WHERE login=" . $db->ToSQL($login, ccsText) . " AND `password`=" . $db->ToSQL(md5($password), ccsText);

Insert method: (look at the md5 section)

//Insert Method @32-EA979F7F
function Insert()
{
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeBuildInsert");
$this->SQL = "INSERT INTO users ("
. "login, "
. "`password`, "
. "name, "
. "email, "
. "grp_id, "
. "inactive"
. ") VALUES ("
. $this->ToSQL($this->login->GetDBValue(), $this->login->DataType) . ", "
. $this->ToSQL(md5($this->password->GetDBValue()), $this->password->DataType) . ", "
. $this->ToSQL($this->name->GetDBValue(), $this->name->DataType) . ", "
. $this->ToSQL($this->email->GetDBValue(), $this->email->DataType) . ", "
. $this->ToSQL($this->grp_id->GetDBValue(), $this->grp_id->DataType) . ", "
. $this->ToSQL($this->inactive->GetDBValue(), $this->inactive->DataType)
. ")";
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeExecuteInsert");
$this->query($this->SQL);
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "AfterExecuteInsert");
if($this->Errors->Count() > 0)
$this->Errors->AddError($this->Errors->ToString());
$this->close();
}
//End Insert Method

Update method: (look at the md5 section)

//Update Method @32-C955144C
function Update()
{
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeBuildUpdate");
$this->SQL = "UPDATE users SET "
. "login=" . $this->ToSQL($this->login->GetDBValue(), $this->login->DataType) . ", "
. "`password`=md5(" . $this->ToSQL($this->password->GetDBValue(), $this->password->DataType) . "), "
. "name=" . $this->ToSQL($this->name->GetDBValue(), $this->name->DataType) . ", "
. "email=" . $this->ToSQL($this->email->GetDBValue(), $this->email->DataType) . ", "
. "grp_id=" . $this->ToSQL($this->grp_id->GetDBValue(), $this->grp_id->DataType) . ", "
. "inactive=" . $this->ToSQL($this->inactive->GetDBValue(), $this->inactive->DataType);
$this->SQL = CCBuildSQL($this->SQL, $this->Where, "");
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "BeforeExecuteUpdate");
$this->query($this->SQL);
$this->CCSEventResult = CCGetEvent($this->CCSEvents, "AfterExecuteUpdate");
if($this->Errors->Count() > 0)
$this->Errors->AddError($this->Errors->ToString());
$this->close();
}
//End Update Method

I also set the value for the password field in the before show event to empty. I now have to figure out how I can manage when the password field is empty, the update method should not change the database password value.

   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Web Database

Join thousands of Web developers who build Web applications with minimal coding.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.