2

I have to make a register form for users.. they have a DB called Deparment, within table name users.. DB Deparment holds varius columns, including "mail" "password", they use ftp acounts, and mail acounts to read from users table of Deparment DB.

They created user's direct into MySQL using:

INSERT INTO `users` (`email`, `password`) VALUES ('[email protected]', ENCRYPT('UserPassHere'));

Until there everything works... "[email protected]" with his password >> "UserPassHere".. can log into mail and ftp, with the same pass and username.

I'm trying to created that login form but not luck.. here is what i have been tryed in form_validator.php :

INSERT INTO users (email, password) VALUES ('$_POST[email]', '".ENCRYPT($_POST['password']))"; INSERT INTO users (email, password) VALUES ('$_POST[email]', '".MYSQLENCRYPT($_POST['password']))";

if I use md5 or crypt, data get inset into DB but MAIL and FTP can read the password..

I have not idea how to make password match their ENCRYPT deal..?

Improve this question

1 Answer 1

Reset to default
2

MySQL's ENCRYPT() function is equivalent to the crypt() function in many other languages (e.g, PHP, perl, python). The exact results of a given call to crypt() may be unpredictable, based on the implementation, as the salt can be chosen randomly. To give reproducible results (e.g, to check a password), pass the current password hash as the second argument to the function.

In the future, please urge your coworkers to use secure password storage schemes. Here's one such: http://www.openwall.com/phpass/

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

It must be my inner 13-year old, but I chuckle every time I see mention of phpass. Such an unfortunately named project.
@duskwuff ... MySQL's ENCRYPT() function..?.. they allready had made that way.. in order to implement (insert) other type of encryption (like md5).. have they to change conf. files?... If yes.. what do I tell them?.. thanks for any help.
Wait, I was thinking of PASSWORD(), not ENCRYPT(). Updated answer accordingly!
@duskwuff thanks.. so back to the point, how do I suppose to make a register form that store a password matching their current configuration... remember that INSERT ENCRYPT does not work at all... How do I INSERT a password that get into Table, matching their conf..?.. thanks for all your help
Forget to said that they will not let me change their configuration files.. and if I use > INSERT INTO users (email, password) VALUES ('$_POST[email]', '".CRYPT($_POST['password']))"; does insert values into tbale, but mail or ftp cant read then back, so user cant login... Knowing that md5, crypt insertion.. before ($_POST['password'])) works, but users cant login... I know they have been used (in MySQL terminal ) > INSERT INTO users (email, password) VALUES ('$_POST[email]', '".ENCRYPT($_POST['password']))", and these users CAN login without any problem...?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.