Bytes Expert Newtork: Connect with experts in IT / Business | Expert Topics



Search

Go Back   Programmers Resource > Code Section > ASP Articles
Reload this Page MD5 Login
User Name
Password


 
 
Thread Tools Search this Thread Rate Thread Display Modes
  #1  
Old 09-14-2006, 07:56 PM
twalter twalter is offline
Registered User
  
Join Date: Jul 2003
Location: Masssachusetts
Posts: 94
MD5 Login
Here is an example of using MD5 to validate an encrypted MD5 password from your database during login. This includes salting the password.

Username: test
Password: test
Encypted to look like this: 05a671c66aefea124cc08b76ea6d30bb in the databse.

<!--#include file="md5.asp"-->
<%
'filepath = Server.MapPath(Your Access DB File)
dim filepath
filePath = Server.MapPath("mydir/myfile.mdb")

'PWD set on the access database
PWD = "mypassword"

strConnect = "Provider=MSDASQL;" & _
"DRIVER={Microsoft Access Driver (*.mdb)};"& _
"DBQ=" & filepath & ";" & _
"password=" & PWD & ";"

Dim conn,rs,strsql, form_username, form_password
set conn = server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")
conn.Open AdmConnect

form_username = request.form("username")
form_password = request.form("password")

epassword = form_username + form_password

'parse the password throught the md5.asp file
password = md5(epassword)

strsql = "Select * From tblusers where username = '" & Request.Form("username") & "' and Password = '" & password & "'"
set rs = conn.Execute (strsql)
......


-----------Adding a new record to your user table and encypting and salting the password.

'salt the password before encrypting
strpassword = password + form_username

'salt the password before encypting
strpassword = form_username + form_password

set cn = server.CreateObject("ADODB.Connection")
set rs = server.CreateObject("ADODB.Recordset")
cn.Open AdmConnect

rs.open "tblusers", cn, adOpenKeySet, adLockPessimistic, adCmdTable
'add to database
rs.AddNew
rs("username") = form_username
rs("firstname") = form_fname
rs("lastname") = form_lname
rs("email") = form_email
rs("password") = md5(strpassword)
rs("status") = "Active"
rs("authid") = form_permissions
rs.Update
rs.MoveLast

Dim strID
strID = rs("recordid")

For more information MD5 see this site: http://www.webcheatsheet.com/asp/md...t_passwords.php

You can download the md5.asp file that site as well.

Later we will get into the User requesting there password and allowing them to change it.

Demo will be available soon.
__________________
Tom Walter
 

« Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -5. The time now is 02:50 AM.


Contact Us - Programmers Resource - Archive - Top

Powered by: vBulletin Version 3.0.3
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
All content Copyright ©1999 - 2010, Programmers Resource, unless otherwise noted.