Encrypted Password

2/13/2013 5:18:49 AM
PHPRunner General questions
uli author

I set up the built-in security option of PHPRunner and chose to encrypt passwords.

Only the admin should be able to set up new users and to change passwords. The problem came up with setup of the edit page as it shows the encrypted password. That is a small problem. But after editing one of the other fields the encrypted string is taken as a new password and is encrypted again, leaving an unknown password.

So how can the password input only be changed when a new password is entered?
Thanks for a hint to solve this.

rockrockers23 2/13/2013

Read this if you need to encrypt your existing password. http://xlinesoft.com/articles/encrypt_passwords.htm
Once encrypted, you cannot just edit it manually. Log in first and click Change Password to set up your new password.

asawyer13 DevClub member 4/7/2013



Read this if you need to encrypt your existing password. http://xlinesoft.com/articles/encrypt_passwords.htm
Once encrypted, you cannot just edit it manually. Log in first and click Change Password to set up your new password.


I need to encrypt my existing passwords in my database but that link doesn't apply any more, unless the routine to encrypt is the same, and just the place where encryption has moved is different.
Also does the forgot password routine unencrypt when it sends the email to the user?
I have the Enterprise Version PHPR 6.2
I was able to encrypt using the encrypt.php file, however I can't log in now. Am I doing something wrong?

asawyer13 DevClub member 4/7/2013



Also does the forgot password routine unencrypt when it sends the email to the user?


And no, the forgot password option doesn't work in this scenario, it just sends the encrypted password, which doesn't help.

Seems like something is not quite working.

asawyer13 DevClub member 4/7/2013



And no, the forgot password option doesn't work in this scenario, it just sends the encrypted password, which doesn't help.

Seems like something is not quite working.


I had been doing the database encryption but I also tried the code encryption and it didn't work either.

asawyer13 DevClub member 4/7/2013

I think the problem is the encrypt.php. It's old and looks like it only does an MD5 encryption on the data which isn't going to cut it.
Ok, I went ahead and des_encrypted my passwords using the key I generated in phpr project.
I can decrypt it also using the same key, but when I try to log in it doesn't like my password. It says it's invalid. Is it possible it doesn't realize it's supposed to decrypt it?
I'm over my head so I'll wait to hear from Sergey or someone who has this working.

I would think that pretty much 100% of the MySQL sites that are created with PHPR would use encryption on the passwords, but who knows.

I also am very interested if it unencrypts when it sends the forgotten password email because it appears as though it doesn't.
Let's just say I'm confused.

Admin 4/8/2013

A quick recap on old and new password encryption schemas.
Old versions of PHPRunner (prior to 6.2) use MD5 for password encryption. This is not encryption though, just one-way hashing, and the MD5 algorithm it uses is weak.
PHPRunner 6.2 Enterprise Edition adds a new option to use DES encryption to encrypt both data and passwords. However, if you open a project created by an older version of PHPRunner that uses MD5 password encryption - PHPRunner 6.2 will continue using MD5 encryption for compatibility.
However, there are many scenarios where things can go wrong. For example, if you create a new project in PHPRunner 6.2 Enterprise Edition and point it to the database that contains MD5-encrypted passwords - this won't work.
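
An added example, not part of the thread and not PHPRunner's own code: one way to avoid both problems raised above, the edit form re-encrypting an already stored value and a database that still holds MD5 digests. It swaps in PHP's built-in password_hash() in place of the MD5 and DES options discussed here; the function names, field names and sample rows are hypothetical.

```php
<?php
// Added example; names are hypothetical and this is not PHPRunner's API.

// Edit-form handler: keep the stored hash unless a new password was typed.
// Leaving the password input empty on the edit page is the cleaner design;
// the hash_equals() branch covers forms that echo the stored value back.
function apply_password_edit(array $submitted, array $stored): array
{
    $new = $submitted['password'] ?? '';
    if ($new === '' || hash_equals($stored['password'], $new)) {
        $submitted['password'] = $stored['password'];   // unchanged
    } else {
        $submitted['password'] = password_hash($new, PASSWORD_DEFAULT);
    }
    return $submitted;
}

// Login check that still accepts a legacy unsalted MD5 hex digest and
// returns a replacement hash to store, so old rows migrate at first login.
// Returns [bool $ok, ?string $hashToStore].
function verify_login(string $typed, string $storedHash): array
{
    if (preg_match('/^[0-9a-f]{32}$/i', $storedHash)) {
        $ok = hash_equals(strtolower($storedHash), md5($typed));
        return [$ok, $ok ? password_hash($typed, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($typed, $storedHash);
    $rehash = $ok && password_needs_rehash($storedHash, PASSWORD_DEFAULT);
    return [$ok, $rehash ? password_hash($typed, PASSWORD_DEFAULT) : null];
}

// Constructed sample row.
$row = ['username' => 'uli', 'email' => 'old@example.test',
        'password' => password_hash('s3cret', PASSWORD_DEFAULT)];

// Admin edits only the e-mail; the form posts the stored hash back.
$saved = apply_password_edit(['username' => 'uli',
    'email' => 'new@example.test', 'password' => $row['password']], $row);
var_dump(password_verify('s3cret', $saved['password']));

// A row that still holds an MD5 digest: login works and yields an upgrade.
[$ok, $upgrade] = verify_login('s3cret', md5('s3cret'));
var_dump($ok, $upgrade !== null && password_verify('s3cret', $upgrade));
```

Because the stored value is a one-way hash, a forgot-password flow built on this cannot mail the old password back and has to issue a reset instead.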