I was searching the forum about how oscommerce encrypts the data stored in the database and I found out that it uses md5 encryption. I also learned that md5 is a one way encryption and cannot be decrypted..so i was wondering how oscommerce "retrieve" (not sure about the term to use) passwords from the database example when a customer logs in.. how does oscommerce check if the password entered on the form matches the password from the database since it is encrypted and cannot be decrypted?
Latest News: (loading..)
0
2 replies to this topic
#2
-
- Community Sponsor
-
- 10,466 posts
- Real Name:Chris Dunn
- Gender:Male
- Location:Tecumseh, Ontario, Canada N8N 1X8
Posted 14 January 2012, 02:32
CJ,
Look at the /includes/functions/password_funcs.php file for password validations
Chris
Look at the /includes/functions/password_funcs.php file for password validations
Chris
Edited by DunWeb, 14 January 2012, 02:32.
:|: Was this post helpful ? Click the LIKE THIS button :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
#3
Posted 14 January 2012, 11:31
With a "one way encryption" method it works like this.
The password is encrypted and stored in the database when it is created.
When the customer logs in the code takes the password typed into the box on the login page and runs it thru the same encryption then compares the result of that with what is stored in the database.
If the encryption of what they typed into the password box matches the encrypted data stored in the DB then they have typed in the correct password.
The code never recreates the original password it just compares encryption results.
The password is encrypted and stored in the database when it is created.
When the customer logs in the code takes the password typed into the box on the login page and runs it thru the same encryption then compares the result of that with what is stored in the database.
If the encryption of what they typed into the password box matches the encrypted data stored in the DB then they have typed in the correct password.
The code never recreates the original password it just compares encryption results.
Edited by germ, 14 January 2012, 11:32.
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
Like this post? "Like" it again over there >
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
Like this post? "Like" it again over there >
