Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I have an application written in php Ver. 3.
The application has a users file with usernames and passwords. The passwords are encrypted using the PASSWORD() function.
We need to transfer this file and utilize it under a system using php 5.
We tried to use the password() function again to check the validity of a password entered by the user, but the encrypted results don't match.
Any ideas?
Thanks.
PHP has never had a PASSWORD() function. If you're talking about the MySQL function, the hashing algorithm was change in MySQL 4.1 (a long time ago). You can use OLD_PASSWORD() to generate password hashes using the old method, or you can set the old_passwords system variable to have MySQL default to it.
In any case you should make arrangements to migrate from the old system to the new one. Since you can't know what the old password was, you'll probably need to code a mechanism to force users to change their passwords and track which version they're using.
The MySQL reference on this is here
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I have to create a simple php page which update user's password in database, i've to enter password in same encrypted format in which website storing it in. I don't know much about working of laravel. Password stored in database is "$2y$10$pFYa/ruRVbDbr9KJs67XLOLXg6XNo9t8hkREI/xyAR54/42HO7zXC" which is "Freelance" in actual. How can i find out how it's encrypting "Freelance" to this format so that I can also store new password in database in similar format. Thanks!
It's storing the hash in the database as bcrypt with 10 rounds.
$2y$represents bcrypt and 10$ shows 10 rounds.
Use the password_hash function in PHP e.g. password_hash("password", PASSWORD_BCRYPT, ["cost" => 10]);
Alternatively, there are a few sites which you can use e.g:
http://fipi.ch/php-online/hash-bcrypt.php
http://aspirine.org/htpasswd_en.html
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I'm coding a CMS, but does this work?
MD5(MD5(username+password)+salt+rsalt);
The rsalt stands for Randomized salt but how can i randomize a salt anyway?
You can randomize the salt if you are storing said salt in the user's table. Otherwise, how will you be able to tell if the hash is correct?
MD5 is not a secure hash function. You should use something like password_hash if you have PHP >= 5.5 or the password_compat library by ircmaxell if you're using an earlier version.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I have this code that inserts user data into a database.
mysql_connect("server address","username","password");
mysql_select_db("login");
mysql_query("INSERT INTO login(name,username,password,email)VALUES('$_POST[fname]','$_POST[username]','$_POST[pw]','$_POST[email]')") or die("cannot execute the query");
I have an issue here. There is a username and password to enter into my server and there is also another username and password to use my database.
Where should I mention both username's and password's?
The mysql_connect() has absolutely nothing to do with server logins, and only has to do with MySQL login.
That being said, you have a number of issues:
You are using deprecated mysql_* functions. You should use mysqli extension of PDO instead.
You are horribly vulnerable to SQL injection attackes. NEVER, EVER, EVER use directly input data from the user (like $POST, $_GET, etc.) without first sanitizing/validating it.
You really should get in the habit of checking the response for each function and handling errors appropriately. For example, you should never even get to mysql_query() line of code if you mysql_connect() and mysql_select_db() calls are not successful.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
How can I protect PHPMYADMIN with password? I mean that whenever I will go to localhost/phpmyadmin it will ask for username and password, only after given the right username and password, it will allow the user to view all of the databases, tables and so on.
Thanks in advance!
PHPMyAdmin should ask for a user already, unless you somehow avoid the log in if you're on localhost.
Either way, from PHPMyAdmin you can create and edit users. Simply add a user to view the database with, and make sure there are no accounts that can see the database without a username and password.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I have seen log-in pages where the page asks for a random field from your password. For example, enter the second, fifth and first character from your password. And if you refresh the page it will ask for some other random fields.
I have two questions about this:
How do I fetch the length before the user POSTs the password and not ask for fields that do not exist? For example, the password length is a four digit number and the app won't ask for the fifth character.
Is it a good idea to transform the password stored in the database to an array and then check for certain fields in the array? For example, Third character == password[2].
A PHP or Ruby sample implementation will be more than useful.
Thanks.
I'm curious if this validation is being done on the actual password that is being stored in plain text in a database (which would be bad), or if this validation is simply trying to avert bruteforce attacks by having the user validate the password they just entered. Kind of like a captcha. If the later is the case, maybe you could implement something in javascript. Here is a fiddle of something like that.
http://jsfiddle.net/fTPJy/1/
$apparently = 'I have to post code to link to a jsfiddle';