
Cannot check hashed password - Coldfusion - Advanced Techniques


  1. #1

    Cannot check hashed password

    Hello,

    When users enter their email address and password in the login form, a login
    check is made using the following code. (The password is hashed in the database)

    <!--- Find record with this Email/password --->
    <cfquery name="getUser" datasource="security">
    SELECT email, password
    FROM users
    WHERE email = '#FORM.email#' AND password = '#form.password#'
    </cfquery>

    <cfoutput>
    <cfif Hash(Form.password, "SHA") is not getUser.password>
    Not working
    <cfelse>
    OK, it works.
    </cfif>
    </cfoutput>

    I cannot get it to return "OK, it works" for the life of me. Can anyone point
    out what's incorrect?

    Many thanks,
    Bob

    bob2cam Guest

  2. #2

    Re: Cannot check hashed password

    Because the password field in your database is hashed and the form field you are
    passing into the getUser query is not, that query will return 0 results.

    You have two options:

    - Have your WHERE clause contain only the email address and not the password
    and then do your compare with the CFIF statement
    - Create a variable that is a hash of the form password and use that in your
    query WHERE clause, then change your conditional statement to see if
    getUser.RecordCount is 0

    TA-Selene Guest

  3. #3

    Re: Cannot check hashed password

    Selene is correct, you need to hash form.password before using it as a query
    criteria. Or don't include the password as criteria but compare it afterwards,
    but I don't see any advantage to doing that. I use hashed passwords in a lot of
    apps, and do something like below.



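    <!--- Hash the submitted password first; the algorithm must match the one used when the password was stored --->
    <cfset HashedPW = Hash(form.password)>

    <!--- Match on email and hashed password; cfqueryparam binds the values instead of splicing them into the SQL --->
    <cfquery name="getUser" datasource="security">
    SELECT email, password
    FROM users
    WHERE email = <cfqueryparam value="#FORM.email#" cfsqltype="cf_sql_varchar">
    AND password = <cfqueryparam value="#HashedPW#" cfsqltype="cf_sql_varchar">
    </cfquery>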

    mkane1 Guest

  4. #4

    Re: Cannot check hashed password

    Thank you both. It works great!

    Bob
    bob2cam Guest
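
The first option from reply #2 (look the user up by email only, then compare hashes in the CFIF), written out as an added example that is not code from any poster in the thread. It assumes, as in post #1, that users.password holds Hash(password, "SHA") and that email is unique; submittedHash and loginOK are names chosen here.

```cfml
<!--- Added example. Assumption: users.password holds Hash(plaintext, "SHA"), as in post #1 --->
<cfparam name="form.email" default="">
<cfparam name="form.password" default="">

<!--- Look the account up by email only. The plaintext form.password is never
      compared against the hashed column, which is why the original query
      returned no rows. cfqueryparam binds the value instead of splicing it
      into the SQL text. --->
<cfquery name="getUser" datasource="security">
    SELECT email, password
    FROM users
    WHERE email = <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- Hash the submitted password with the same algorithm used when it was stored --->
<cfset submittedHash = Hash(form.password, "SHA")>

<!--- Accept only when exactly one row came back and the hashes match.
      Zero rows (unknown email) and more than one row (duplicate emails)
      are both rejected rather than left to the comparison.
      CompareNoCase keeps the case-insensitive behaviour of the original
      "is not" test, so upper- or lower-case hex in the column both match. --->
<cfset loginOK = false>
<cfif getUser.recordCount EQ 1
      AND CompareNoCase(submittedHash, getUser.password) EQ 0>
    <cfset loginOK = true>
</cfif>

<cfoutput>
<cfif loginOK>
    OK, it works.
<cfelse>
    Not working
</cfif>
</cfoutput>
```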
