Encrypting/Decrypting Passwords ?!?

George L.
Posted: 01/02/2002, 8:20 AM

I am trying to find out the best method of encrypting a password upon creating a user in a record form. The below method is what I am using in my Before Insert Event:
$fldUSER_PASS = crypt($fldUSER_PASS,substr($fldUSER_NAME,0,2));

In order to decrypt correctly upon login, I put this in my Custom Login Event:
$sPassword = crypt($sPassword,substr($sLogin,0,2));

Here is the problem. These two methods do exactly what I want them to do; since the SALT for this encryption type is the same, it comes back true every time. But when I want to go and modify existing user info, it shows the encrypted password every time. That means that if, for example, I only need to change the user's phone number, then I must also change the user's password as well, or else the password will be set to the encrypted string, then encrypted again. ?!?

If I am making sense, here is what I want to do: I want to be able to show a user's DECRYPTED password when changing his/her user info. I am not able to do this with the crypt function, since it is a one-way hash algorithm.

Anybody know of an easier/better way to encrypt/decrypt passwords in database?
Alex Alexapolsky
Posted: 01/03/2002, 2:37 AM

You should show crypted password from db,
then crypt the second password in Before Update event,
and compare both crypted ones in Validation event.
George L.
Posted: 01/03/2002, 7:39 AM

Yes, but is there a way to de-crypt a password that is already encrypted? I know the crypt function in PHP cannot, because it is a one-way algorithm. Is there an alternate way to encrypt and decrypt?
Posted: 01/03/2002, 7:09 PM

George, I had the same problem.

What I did was create a form that included all the fields including the encrypted password. I made a special note for the password field, that this was the end result of encrypting the password.

Then, I created a separate form to change the password if necessary. It contained the same custom login event that you had.

A bit of a pain, but it didn't require me to do any manual coding.

Mark Andrews
Posted: 01/04/2002, 2:45 AM

I use a hidden field for the encrypted password and two non-database fields for password and password verification. These have a caption saying "leave blank to retain current password".

If password1 is non blank I compare with password2 and throw an error if they are different. If they are the same then I update the hidden encrypted field with the new password.

Only problem with this approach is that there is no provision for a "Lost Password" facility other than a password reset by admin.

You could keep a copy of the non-encrypted password in another field that is just used for the password update screen, but I decided against this approach for my sites.
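
The "leave blank to retain current password" handling discussed in this thread, as an added example that is not code from any of the posters. It goes beyond the thread by using PHP's built-in password_hash() and password_verify() in place of the crypt() call with a username-derived salt, keeps the stored hash on the server instead of in a form field, and upgrades an old crypt() hash at the next successful login. The function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example. Function names and sample values are hypothetical/constructed.

// Profile update: return the value to write to the password column.
function password_column_for_update(string $storedHash, string $pw1, string $pw2): string
{
    if ($pw1 === '' && $pw2 === '') {
        return $storedHash;              // left blank: keep the current hash, never hash it again
    }
    if ($pw1 !== $pw2) {
        throw new InvalidArgumentException('Password and verification do not match');
    }
    return password_hash($pw1, PASSWORD_DEFAULT);   // random per-user salt is embedded in the result
}

// Login: verify, and return a replacement hash when the stored one is an old format.
// Returns [bool $ok, ?string $hashToStore].
function check_login(string $submitted, string $storedHash): array
{
    if (!password_verify($submitted, $storedHash)) {   // also accepts legacy crypt() hashes
        return [false, null];
    }
    $upgrade = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($submitted, PASSWORD_DEFAULT)
        : null;
    return [true, $upgrade];
}

// Constructed sample: a row created the way the first post does it.
$login  = 'george';
$stored = crypt('s3cret!', substr($login, 0, 2));

// Editing only the phone number leaves the stored hash untouched.
$stored = password_column_for_update($stored, '', '');

// Next login succeeds and yields an upgraded hash to write back.
[$ok, $upgrade] = check_login('s3cret!', $stored);
if ($ok && $upgrade !== null) {
    $stored = $upgrade;
}
var_dump($ok, check_login('s3cret!', $stored)[0], check_login('wrong', $stored)[0]);

// A real password change: both fields filled in and equal.
$stored = password_column_for_update($stored, 'n3w-pass', 'n3w-pass');
var_dump(check_login('n3w-pass', $stored)[0], check_login('s3cret!', $stored)[0]);
```

The password column needs room for the longer hashes; the PHP manual recommends 255 characters when PASSWORD_DEFAULT is used.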
