[thelist] php password not encrypted
Andrew Maynes
andrew at uk-webdeveloper.co.uk
Wed Jul 10 07:55:01 CDT 2002
I need to take out an encryp part of a password handler within php, this is the
actual verification that both passwords are the same and then an crypt
$password = crypt ($HTTP_POST_VARS[pass1]); // Encrypt the password. The part
beneath the code is where the form inserts the registered visitor into a mysql
table, it seems the password is being submitted using '$password' whereas the
other fields are using '$HTTP_POST_VARS[username]' what do I have to change to
get the password inserted '$HTTP_POST_VARS[password]'? Presumably this would
take away the crypt problem?
Andrew
<code>
// Check to make sure the password is long enough and of the right format.
if (eregi ("^[[:alnum:]]{8,16}$", $HTTP_POST_VARS[pass1])) {
$b = TRUE;
} else {
$b = FALSE;
$message[] = "Please enter a password that consists only of letters and
numbers, between 8 and 16 characters long.";
}
// Check to make sure the password matches the confirmed password.
if ($HTTP_POST_VARS[pass1] == $HTTP_POST_VARS[pass2]) {
$c = TRUE;
$password = crypt ($HTTP_POST_VARS[pass1]); // Encrypt the password.
} else {
$c = FALSE;
$message[] = "The password you entered did not match the confirmed password.";
<end code>
$query2 = "insert into users values ('0', '$HTTP_POST_VARS[username]',
'$password', '$HTTP_POST_VARS[first_name]', '$HTTP_POST_VARS[last_name]',
'$HTTP_POST_VARS[email]', '$birthday')";
}
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.374 / Virus Database: 209 - Release Date: 7/9/02
More information about the thelist
mailing list