To put password handling in your script (with or without SSI.php)
$passwrd = crypt($passwrd, substr($passwrd, 0, 2));
where passwrd is the passwrd they typed in, and then compare it aginst what's in the database.
The cookie has additional measures in it. Normally it is encrypted (after the standard encrypting above) like so:
$passwrd = crypt($passwrd, 'ys');
Done. Was that so hard? I simply think that you are in over your head if you can't do that.
And yes, I AM sorry IF I offended you... which it seems I did.
I'm aware that in Descarte's philosophy, everything is in the eye of the beholder... but I happen to believe more in Plato.
I've seen people like this, I even have a friend like this. They like to have power.... and being able to see someone's password makes them feel like they have it. Some abuse this power.... and it's not right.
And, so you know, I write things like I would say them - if I say something I realize might offend people, I'm not going to dilute it.
To my recollection, (which I will give you
could be wrong) decryption schemes for MD5 sometimes work, but not always. Like with any good encryption, there are a few possible answers.
Here's an example of decrypts:
Dhb#d5
dsHTs1
mypass
Hmmm which one is it? [sarcasm]Why, I don't know![/sarcasm]
However, this is why people are told to use good passwords... ie. my passwords usually look like this: "dsTw,b4".
QuoteSo what benefit is it to use the hash code instead of just storing the passwords? It makes it INCONVENIENT for unscrupulous administrators to get at them. It doesn't stop them. In the interum, those of us who struggle with PHP often get discouraged by the added complexity it adds to already tedious journeys in to somebody else's code.
The benefit is that you detour the power hungry admins who just like "being able to do it." Why should they need to get to them? Besides, with the help of SSI.php or the snippets I posted up there... what comnplex, difficult journey lies in store for these "unscruplulous administrators"?
And, I must say that YaBBSE takes GREAT PAINS to make it's code highly readable and easily understandable - which it is. The journey does not need to be littered with the hopes and wants to do things that simply have no reason to be done, like getting at a user's password.
I never called you petty. In fact, I meant that more to the first few posters. However, you
are inadept. There are things I'm inadept at - for example, I'm inadept at social situations because my father never let me leave the house except for school until I was 10 years old. (although I did manage to get out once to a friend's house...) We all have our weaknesses, and there's no reason to deny yours. Temporary as it might be.
I would further like to say that FYI, Windows 2000 Server/Windows .NET Server passwords can ALSO be cracked through brute force methods. MY FRIGGIN' WORD - the WPA can be hacked with it as well. Does that mean that administrators around the world will stop using the Windows Server Family? Will Microsoft release a new version of Windows XP, now without the WPA?
Please, there is no reason, I say yet again, for you to need to see your user's passwords. Whether for integration, resetting, or power-hunger.... there is no good reason.
However, just because my philosophy is platonic does not mean I'm always right - it just means that there is a 'right.'
-[Unknown]
[edit: As of this writing, I have not slept for 24 hours.... so I might not make complete sense.]
Author