Re: en/decrypt problem

This WebDNA talk-list message is from

1999

It keeps the original formatting. numero = 24403
interpreted = N
texte = Nitai wrote:> Hi all,>> Ona form the user eneters his password, which is [pass]. It is then appended> (along with his email, phone, address, etc):>> [append db=data/profile.db]pass=[encrypt> seed=testing][pass][/encrypt][/append]>> When the users wants to change his password he enters in another form his> email [email] and password [pass].>> On the next page I check for the existence of this user with:>> [search db=data/profile.db&eqemaildatarq=[email]&eqpassdatarq=[decrypt> seed=testing][pass][/decrypt]&max=1]>> I am probably doing a thinking mistake here, but I never get the users data> back. How can I compare the password which resides encrypted in the> profile.db with the [pass] value?>> I really appreciate any feedback.>> Sincerely,> NitaiYou are doing two things wrong here. First, in you lookup, you are decrypting anunencrypted password and comparing it to an encrypted one. Second, it is my understandingthat a string, encrypted with a user defined seed, does not encrypt to the same stringtwice. To compare in a searchroutine, you would need to use the encrypt command withouta seed, like so.[append db=data/profile.db]pass=[encrypt][pass][/encrypt][/append]Later, assuming you were comparing this with the input from a form variable called, forexample, [userpass], you would find the relevant record with:[search db=data/profile.db&eqpassdatarq=[encrypt][userpass][/encrypt]] [founditems] etc. [/founditems][/search]Bear in mind this will only work if there are no duplicate passwords in the database,since this routine could find multiple users otherwise.Alternately, if you want to use a seed anyways (likely because a string encrypted withouta seed cannot be decrypted), you'd have to use a secondary field as your primary searchterm, like this[append db=data/profile.db]pass=[encryptseed=testing][pass][/encrypt]&user=[username][/append]--[search db=data/profile.db&equserdatarq=[username]] [founditems] [showif [decrypt seed=testing][pass][/decrypt]=[userpass]] Password correct! [/showif] [/founditems][/search]This has the added advantage of only matching records where both the username and thepassword match, thereby eliminating the risk of duplicate matches.For more information, check out page 122 of the manual.Good luck,Derrick-------------------------------------------------------------Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server.To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

Re: en/decrypt problem (Derrick Puckett 1999)
Re: en/decrypt problem (Will Starck 1999)
Re: en/decrypt problem (Derrick Puckett 1999)
en/decrypt problem (Nitai 1999)

Nitai wrote:> Hi all,>> Ona form the user eneters his password, which is [pass]. It is then appended> (along with his email, phone, address, etc):>> [append db=data/profile.db]pass=[encrypt> seed=testing][pass][/encrypt][/append]>> When the users wants to change his password he enters in another form his> email [email] and password [pass].>> On the next page I check for the existence of this user with:>> [search db=data/profile.db&eqemaildatarq=[email]&eqpassdatarq=[decrypt> seed=testing][pass][/decrypt]&max=1]>> I am probably doing a thinking mistake here, but I never get the users data> back. How can I compare the password which resides encrypted in the> profile.db with the [pass] value?>> I really appreciate any feedback.>> Sincerely,> NitaiYou are doing two things wrong here. First, in you lookup, you are decrypting anunencrypted password and comparing it to an encrypted one. Second, it is my understandingthat a string, encrypted with a user defined seed, does not encrypt to the same stringtwice. To compare in a searchroutine, you would need to use the encrypt command withouta seed, like so.[append db=data/profile.db]pass=[encrypt][pass][/encrypt][/append]Later, assuming you were comparing this with the input from a form variable called, forexample, [userpass], you would find the relevant record with:[search db=data/profile.db&eqpassdatarq=[encrypt][userpass][/encrypt]] [founditems] etc. [/founditems][/search]Bear in mind this will only work if there are no duplicate passwords in the database,since this routine could find multiple users otherwise.Alternately, if you want to use a seed anyways (likely because a string encrypted withouta seed cannot be decrypted), you'd have to use a secondary field as your primary searchterm, like this[append db=data/profile.db]pass=[encryptseed=testing][pass][/encrypt]&user=[username][/append]--[search db=data/profile.db&equserdatarq=[username]] [founditems] [showif [decrypt seed=testing][pass][/decrypt]=[userpass]] Password correct! [/showif] [/founditems][/search]This has the added advantage of only matching records where both the username and thepassword match, thereby eliminating the risk of duplicate matches.For more information, check out page 122 of the manual.Good luck,Derrick-------------------------------------------------------------Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server.To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Derrick Puckett

DOWNLOAD WEBDNA NOW!

Re: en/decrypt problem

1999

Top Articles:

Related Readings: