Guy Redwood wrote:
Hi
I'm putting some simple screens together in zope to allow some users to
change their passwords. I think we're using 1.0rc4 with mysql patches.
We usually add passwords using phpmyadmin and 'encrypt' them.
I thought I could use a sql statement to check their existing username &
password like
SELECT * FROM users
WHERE
passwd = encrypt('passwdsupplied')
AND
userid = useridsupplied
but this doesn't work - I guess it's due to not using a 'salt' to generate
consistant encrypt results.
That's exactly it.
This works for mysql:
select * from users where
encrypt('passwdsupplied',left(passwd,2))=passwd and
userid='useridsupplied'
--
________________________________________________________________
Paul Stevens mailto:[EMAIL PROTECTED]
NET FACILITIES GROUP PGP: finger [EMAIL PROTECTED]
The Netherlands________________________________http://www.nfg.nl
