Need to make some php reports, but need it to be secured, how can I deal with user passwords?

Can I use md5() function to check the user password ?




You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.

To post to this group, send email to er...@googlegroups.com.

To unsubscribe from this group, send email to erpnext-developer-forum+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/erpnext-developer-forum/-/GkJ19BcciQsJ.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

            <div style="font-family: Helvetica; font-size: 13px; ">Hi HF,<div><br></div><div>I don't know the context of what you are trying to develop.</div><div><br></div><div>Here are my general recommendations.</div><div><br></div><div>MySQL has an inbuilt password type. You can use that to store passwords. That way, mysql will take care of the hashing, and you wont need to store password in plain text.</div><div><br></div><div>However, if you do want to use hashing algorithms, use sha256 or higher, instead of md5, as md5 has already been compromised.</div><div><br></div><div>Python has a module called hashlib. You can use its methods to implement any hashing, using preferably sha256 or higher. [<a href="http://docs.python.org/library/hashlib.html">http://docs.python.org/library/hashlib.html</a>]</div><div><br></div><div>Thanks,</div><div>Anand.</div></div>
            <div><div><br></div><div><br></div><div>Sent with <a href="http://www.sparrowmailapp.com/?sig">Sparrow</a></div><div><br></div></div>
             
            <p style="color: #A0A0A8;">On Sunday 22 July 2012 at 3:45 PM, HF wrote:</p>
            <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
                <span><div><div>Can I use md5() function to check the user password ?<div><br></div>



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To post to this group, send email to er…@googlegroups.com.

To unsubscribe from this group, send email to erpnext-developer-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/erpnext-developer-forum/-/GkJ19BcciQsJ.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

            </blockquote>
             
            <div>
                <br>
            </div>



You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.

To post to this group, send email to er...@googlegroups.com.

To unsubscribe from this group, send email to erpnext-developer-forum+un...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

Hi Anand; 


I need to authenticate ERPNext users from the tabProfile table in my php reports.
How can I check if user password correct ?



On Sunday, July 22, 2012 12:15:35 PM UTC+2, HF wrote:
Can I use md5() function to check the user password ?



You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.

To post to this group, send email to er...@googlegroups.com.

To unsubscribe from this group, send email to erpnext-developer-forum+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/erpnext-developer-forum/-/aEcTyNU1_uwJ.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

            <div>
                Hi,
            </div><div><br></div><div>Just use this query:</div><div>select * from `tabProfile` where name = [username] and password = password( [password] )</div><div><br></div><div>if the result exists, then the user is authenticated..</div><div><br></div><div>Thanks,</div><div>Anand.</div>
            <div><div><br></div><div><br></div><div>Sent with <a href="http://www.sparrowmailapp.com/?sig">Sparrow</a></div><div><br></div></div>
             
            <p style="color: #A0A0A8;">On Sunday 22 July 2012 at 4:30 PM, HF wrote:</p>
            <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
                <span><div><div>Hi Anand;&nbsp;<div><br></div><div>I need to authenticate ERPNext users from the tabProfile table in my php reports.</div><div>How can I check if user password correct ?</div><div><br></div><div><br><br>On Sunday, July 22, 2012 12:15:35 PM UTC+2, HF wrote:<blockquote type="cite"><div>Can I use md5() function to check the user password ?<div><br></div></div></blockquote></div>



You received this message because you are subscribed to the Google Groups “ERPNext Developer Forum” group.

To post to this group, send email to er…@googlegroups.com.

To unsubscribe from this group, send email to erpnext-developer-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/erpnext-developer-forum/-/aEcTyNU1_uwJ.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

            </blockquote>
             
            <div>
                <br>
            </div>



You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.

To post to this group, send email to er...@googlegroups.com.

To unsubscribe from this group, send email to erpnext-developer-forum+un...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

 

 

Thank you Anand, it works … Thanks a lot.

On Sunday, July 22, 2012 12:15:35 PM UTC+2, HF wrote:

Can I use md5() function to check the user password ?



You received this message because you are subscribed to the Google Groups "ERPNext Developer Forum" group.

To post to this group, send email to er...@googlegroups.com.

To unsubscribe from this group, send email to erpnext-developer-forum+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/erpnext-developer-forum/-/E-VaoEvM-zUJ.

For more options, visit https://groups.google.com/groups/opt_out.