md5
ezegolub
Joined: 30 Dec 2003
Posts: 1
Posted: 2003-12-30 16:18
|
I need to use md5 for passwords, but using a before trigger and changing the value to md5(value) doesn't seem to affect the query that finally gets executed. Is there any way to make it without resorting to using an after trigger that md5s the password with an update?
Thanks a lot! PME rocks.
Ezequiel
|
hbernard
Joined: 23 Mar 2003
Posts: 159
Location: FRANCE
Posted: 2003-12-30 17:57
|
Hi,
I ran into the same trouble and wasn't successful without using an after trigger (as you said).
Hugues
ezegolub wrote: |
I need to use md5 for passwords, but using a before trigger and changing the value to md5(value) doesn't seem to affect the query that finally gets executed. Is there any way to make it without resorting to using an after trigger that md5s the password with an update?
Thanks a lot! PME rocks.
Ezequiel |
|
ajh
Joined: 17 Dec 2003
Posts: 236
Posted: 2003-12-30 20:43
|
If you use the 'sqlw' function in the CVS version of PME, couldn't you just then use the MySQL MD5 function on that field when you write it?
['sqlw'] = 'MD5($val)'
(no promises my syntax is correct ;-)
|
hbernard
Joined: 23 Mar 2003
Posts: 159
Location: FRANCE
Posted: 2003-12-30 22:53
|
Hmm, yes, you are totally right.
Just be careful about not applying MD5 against already hashed strings.
You have to use this code
$opts['fdd']['myfield'] = Array(
    ...
    'sqlw' => 'if(myfield=$val_qas,$val_qas,md5($val_qas))',
    ...
);
in order to avoid re-hashing an already hashed string.
This means, if the 'myfield' value was not changed, then don't apply md5() on it.
If the 'myfield' value was changed, then apply md5() on it.
ajh wrote: |
If you use the 'sqlw' function in the CVS version of PME, couldn't you just then use the MySQL MD5 function on that field when you write it?
['sqlw'] = 'MD5($val)'
(no promises my syntax is correct ;-) |
|
nepto
Joined: 06 Jan 2003
Posts: 381
Location: Phoenix, Arizona (USA)
Posted: 2004-01-01 22:16
|
Hi guys,
Maybe ['sqlw'] will help, maybe not. I do not know much about MySQL's MD5, thus I cannot recommend this approach to you. But it looks flexible. :)
However, I came across this problem about two years ago and have had it successfully solved to this day.
phpMyEzin: Content Management System stores user passwords in MD5 sum format. This is due to common security issues.
So, how did I reach this functionality?
Code: |
$ezin_opts['fdd']['password'] = array(
    'name'     => 'Password',
    'select'   => 'T',
    'maxlen'   => 60,
    'sort'     => true,
    'required' => true,
    'options'  => 'APC' .
        (ezin_admin_check_full_list_privileges(
            $ezin_opts['options']) ? 'VL' : '')
);
|
That was the field definition, and now the class invocation. Please note, these are only the relevant parts of the whole working code.
Code: |
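require_once 'phpMyEdit/phpMyEdit.class.php';
// Hash the submitted password only when it carries the '@' marker.
// isset() guards against an empty or missing form value.
$ezin_form_password = phpMyEdit::get_cgi_var('password');
if (isset($ezin_form_password[0]) && $ezin_form_password[0] == '@') {
    // Strip the marker and store the MD5 sum of the rest.
    $ezin_opts['cgi']['overwrite']['password'] =
        md5(substr($ezin_form_password, 1));
}
new phpMyEdit($ezin_opts);
// Print the usage hint only when an operation was submitted.
$ezin_form_operation = phpMyEdit::get_cgi_var('operation');
if (isset($ezin_form_operation)) {
    echo '<hr><small><b>Password</b> - ';
    echo 'start with @ character to calculate MD5 of the rest of string<br></small>';
}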
|
The idea behind the implementation is that the password is encrypted only if it starts with the '@' character. This prevents encrypting an already encrypted MD5 sum. When a user wants to change their password, I simply write "@new_password" into the input field. After submit, the password is updated.
Hope this helps.
_________________ Ondrej Jombik (Nepto)
Visit my homepage, review my recent CV or projects and give me some feedback.
|
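An added example, not part of the thread and not phpMyEdit code: the "do not re-hash an unchanged field" logic from the posts above, done in PHP before the write and using PHP's password_hash() (salted and deliberately slow) in place of MD5(), which is unsalted and fast to brute-force. The function names and the sample password are assumptions made for illustration; rows that still hold a legacy MD5 sum are upgraded at the next successful login.

```php
<?php
// Added example. Function names are hypothetical, not phpMyEdit API.

/**
 * Decide what to write to the password column when an edit form is saved.
 * $submitted is the form value, $stored is the value currently in the row.
 */
function password_value_to_store(string $submitted, string $stored): string
{
    // Field untouched: the form sent the stored hash back, so keep it
    // (same idea as the if(myfield=$val_qas, ...) expression above).
    if ($stored !== '' && hash_equals($stored, $submitted)) {
        return $stored;
    }
    // Anything else is a new plaintext password: salted, slow hash.
    return password_hash($submitted, PASSWORD_DEFAULT);
}

/**
 * Check a login against a stored value that may still be a legacy
 * 32-hex-digit MD5 sum. Returns [ok, replacement hash or null].
 */
function verify_login(string $plain, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        $ok = hash_equals(strtolower($stored), md5($plain));
        // Upgrade the legacy row on the first successful login.
        return [$ok, $ok ? password_hash($plain, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($plain, $stored);
    $new = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
        ? password_hash($plain, PASSWORD_DEFAULT) : null;
    return [$ok, $new];
}

// Constructed sample data.
$legacy = md5('hunter2');                            // legacy MD5 row
$first  = password_value_to_store('hunter2', '');    // new record
$again  = password_value_to_store($first, $first);   // form saved unchanged
var_dump($first === $again);                         // was the hash kept as-is?
var_dump(verify_login('hunter2', $legacy));          // legacy row plus its upgrade
var_dump(verify_login('hunter2', $first)[0]);
var_dump(verify_login('wrong', $first)[0]);
```

The password column must be wide enough for the result; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.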
doug
Joined: 10 Feb 2003
Posts: 1013
Location: Denver, Colorado (USA)
Posted: 2009-08-01 23:08
|
Below is a related encryption example which may help someone.
Code: |
$my_secret_salt = 'abc123xyz';
$opts['fdd']['my_encrypted_column'] = array(
    'default' => '',
    'input'   => '',
    'name'    => 'My Encrypted Column',
    'options' => 'ACPVDFL',
    'sql'     => 'if(my_encrypted_column <> "", AES_DECRYPT(my_encrypted_column, "'.$my_secret_salt.'"), "")',
    'sqlw'    => 'AES_ENCRYPT(TRIM("$val_as"), "'.$my_secret_salt.'")',
    'sort'    => false
);
// MySQL tinyblob column
|
Using phpMyAdmin, one might add a new column to a table, then populate the column with encrypted values from another field, and subsequently delete the column containing the unencrypted data. BACK UP YOUR DATA BEFORE DOING THIS. NO WARRANTY EXPRESSED OR IMPLIED. Encryption salt for this example is "abc123xyz".
ALTER TABLE `my_table` ADD `my_encrypted_column` TINYBLOB NOT NULL AFTER `id` ;
UPDATE `my_table` SET `my_encrypted_column` = AES_ENCRYPT(`some_other_column`, "abc123xyz");
|