I am creating an employee registration form. During registration the password is not encrypted; it is entered directly into the DB. When users enter their own login we have a Change Password option. For that I am using a simple update query to change the password with "md5". Now after updating, the password is encrypted but I can't log in?
When the password is stored as encrypted in the database, and the user wants to log in, you need to encrypt the password he enters and compare it to the encrypted version in the database.
If you are using the same field in the database for the password and the encrypted password, you have to check both the password entered by the user and the encrypted version of it against the database. But that is very bad design :) I suggest you create a new field in the database for the encrypted version of the password, and as the users update/change their passwords, you set the clear text password field to NULL and start using the encrypted version. As you start digging into this security matter, I also suggest you look into salting passwords.
In my case I have 2 applications: one is for the admin and another is for the employee. The admin has rights to register the employee. The registered user only accesses the employee portal. I encrypt the password in the admin portal during registration, and I need to log in to the employee portal.
Now I use [url="http://www.yiiframework.com/wiki/240/authenticating-against-phpass-hashes-with-yii"]this[/url] in my registration form. When we save to the DB the password will be encrypted. But I can't log in. When the employee enters, authentication is done with the help of the password hash. This authentication process is done in the employee portal's "useridentity".
Now I have solved the problem… I am using md5 for the registration form, and for the authentication I changed the password into md5… But I also got an error. "md5($model->password)"
Then I found out where the problem is. There is no problem in "md5($model->password)"; the problem is in the DB. I initialized PASSWORD as varchar(15), and that is the problem. Because when encrypting, the size should be more than 25, so it can't compare the password properly and shows an error. I changed it to varchar(50). Now I have solved the problem.
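
The following is an added example, not code from any post in this thread. It reproduces the failure found above (an md5 hex digest is 32 characters, so a 15-character column cannot hold it) and then the migration the reply suggested, using PHP's `password_hash()` to get per-user salting. The column names `password` and `password_hash`, the helper names, and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration; column names and helper names are assumptions, data is constructed.

// Models a VARCHAR($width) column that keeps only the first $width characters.
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Login check as described in the thread: hash the entered password with md5
// and compare it with the stored value.
function md5Login(string $entered, string $stored): bool
{
    return hash_equals($stored, md5($entered));
}

// Migration suggested in the reply: separate hash column, clear text set to NULL
// once the user has logged in or changed the password.
function loginAndUpgrade(array &$row, string $entered): bool
{
    if ($row['password_hash'] !== null) {
        return password_verify($entered, $row['password_hash']);
    }
    if ($row['password'] === null || !hash_equals($row['password'], $entered)) {
        return false;
    }
    // password_hash() generates a random salt per call and embeds it in the output.
    $row['password_hash'] = password_hash($entered, PASSWORD_DEFAULT);
    $row['password'] = null;
    return true;
}

$plain = 'S3cret-example';          // constructed password
$hex   = md5($plain);

printf("md5 hex length: %d\n", strlen($hex));
printf("login, varchar(15): %s\n", var_export(md5Login($plain, storeInColumn($hex, 15)), true));
printf("login, varchar(50): %s\n", var_export(md5Login($plain, storeInColumn($hex, 50)), true));

$row = ['password' => $plain, 'password_hash' => null];   // legacy clear-text row
printf("first login upgrades row: %s\n", var_export(loginAndUpgrade($row, $plain), true));
printf("clear text now NULL: %s\n", var_export($row['password'] === null, true));
printf("salted hash length: %d\n", strlen($row['password_hash']));
printf("login with salted hash: %s\n", var_export(loginAndUpgrade($row, $plain), true));

// The salted hash must also fit its column, or verification fails the same way.
$truncated = ['password' => null, 'password_hash' => storeInColumn($row['password_hash'], 50)];
printf("salted hash in varchar(50): %s\n", var_export(loginAndUpgrade($truncated, $plain), true));
```

The PHP manual recommends a 255-character column for `PASSWORD_DEFAULT` output, since the algorithm and therefore the hash length can change between PHP versions.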