bob2cam #1
Cannot check hashed password
Hello,
When users enter their email address and password in the login form, a login
check is made using the following code. (The password is hashed in the database.)
<!--- Find record with this Email/password --->
<cfquery name="getUser" datasource="security">
SELECT email, password
FROM users
WHERE email = '#FORM.email#' AND password = '#form.password#'
</cfquery>
<cfoutput>
<cfif Hash(Form.password, "SHA") is not getUser.password>
Not working
<cfelse>
OK, it works.
</cfif>
</cfoutput>
I cannot get it to return "OK, it works" for the life of me. Can anyone point
out what's incorrect?
Many thanks,
Bob
bob2cam Guest
-
TA-Selene #2
Re: Cannot check hashed password
Because the password field in your database is hashed and the form field you are
passing into the getUser query is not, that query will return 0 results.
You have two options:
- Have your WHERE clause contain only the email address and not the password
and then do your compare with the CFIF statement
- Create a variable that is a hash of the form password and use that in your
query WHERE clause, then change your conditional statement to see if
getUser.RecordCount is 0
TA-Selene Guest
-
mkane1 #3
Re: Cannot check hashed password
Selene is correct, you need to hash form.password before using it as a query
criteria. Or don't include the password as criteria but compare it afterwards,
but I don't see any advantage to doing that. I use hashed passwords in a lot of
apps, and do something like below.
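<!--- Hash the submitted password first; the algorithm must match the one used for the stored hashes --->
<cfset HashedPW = Hash(form.password)>
<cfquery name="getUser" datasource="security">
SELECT email, password
FROM users
<!--- Bind form input with cfqueryparam instead of interpolating it into the SQL string --->
WHERE email = <cfqueryparam value="#FORM.email#" cfsqltype="cf_sql_varchar">
AND password = <cfqueryparam value="#HashedPW#" cfsqltype="cf_sql_varchar">
</cfquery>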
mkane1 Guest
-
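The failure in post #1 and the two fixes from posts #2 and #3, reproduced as an added example that is not code from any poster in this thread. It is written in Python against an in-memory SQLite table as a stand-in for the ColdFusion datasource, binds all input as query parameters, and assumes `Hash(text, "SHA")` produces SHA-1 as uppercase hex; the function names, email address and password are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

def cf_hash_sha(text):
    # Assumption: mirrors ColdFusion Hash(text, "SHA"), i.e. SHA-1 as uppercase hex.
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

def make_db():
    # Constructed sample data: one user whose password was stored hashed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("bob@example.com", cf_hash_sha("s3cret")))
    return db

def login_original(db, email, password):
    # Post #1: the plaintext password is compared to the stored hash in the
    # WHERE clause, so no row ever matches and the later check cannot pass.
    row = db.execute("SELECT email, password FROM users "
                     "WHERE email = ? AND password = ?",
                     (email, password)).fetchone()
    return row is not None and cf_hash_sha(password) == row[1]

def login_compare_after(db, email, password):
    # Option 1: select by email only, then compare the hashes in code.
    row = db.execute("SELECT password FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    # Hex case can differ between writers; normalise, compare in constant time.
    return hmac.compare_digest(cf_hash_sha(password), row[0].upper())

def login_hash_in_where(db, email, password):
    # Option 2: hash first, use the hash in WHERE, then test the row count.
    rows = db.execute("SELECT email FROM users "
                      "WHERE email = ? AND password = ?",
                      (email, cf_hash_sha(password))).fetchall()
    return len(rows) == 1

if __name__ == "__main__":
    db = make_db()
    for fn in (login_original, login_compare_after, login_hash_in_where):
        print(fn.__name__, fn(db, "bob@example.com", "s3cret"),
              fn(db, "bob@example.com", "wrong"))
```
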




