2 Replies - 3784 Views - Last Post: 04 March 2012 - 11:53 AM Rate Topic: -----

#1 deucalion0  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 48
  • Joined: 27-November 10

How to password match encrypted password using SHA256?

Posted 04 March 2012 - 05:09 AM

Hey guys, I have a database table that has users and the passwords are encrypted using SHA256, I need to create a login form using ColdFusion but I cannot figure out the code that to tell the posted password variable that the password in the table is encrpyted.

Here is my code:

   <cfquery name="qVerify" datasource="MyDSN">
   	SELECT	*
       FROM	cryptuser
       WHERE firstname = '#firstname#'
       AND	 password = '#password#'
</cfquery>


It won't work unless I can tell #password# that password in the table is encrypted using SHA256.

Can anyone help me figure out how to do this, I cannot see any clear answer from my research.

Many thanks.

Is This A Good Question/Topic? 0
  • +

Replies To: How to password match encrypted password using SHA256?

#2 Craig328  Icon User is offline

  • I make this look good
  • member icon

Reputation: 1926
  • View blog
  • Posts: 3,471
  • Joined: 13-January 08

Re: How to password match encrypted password using SHA256?

Posted 04 March 2012 - 08:11 AM

Hey deucalion0. I want to make sure I understand what your situation is. You have passwords in your table. Are passwords stored in an encrypted string in the database? If so, what you're going to need to do is to encrypt whatever the user is passing in as a password and then compare it to what you have in the database. To encrypt the user's password submission you'll need to use a native CF function called Hash().

Using that function, your SQL query will look like this:
   
<cfset variables.hashedPW = Hash(password,"SHA-256")>
<cfquery name="qVerify" datasource="MyDSN">
   	SELECT	*
       FROM	cryptuser
       WHERE firstname = '#firstname#'
       AND	 password = '#variables.hashedPW#'
</cfquery>


If what the user submitted as a password and which you then hashed with the SHA-256 algorithm matches what's in the database, your query will come back with a good record and if it doesn't match it won't.

Hope that helps. Good luck!
Was This Post Helpful? 2
  • +
  • -

#3 deucalion0  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 48
  • Joined: 27-November 10

Re: How to password match encrypted password using SHA256?

Posted 04 March 2012 - 11:53 AM

Craig 328, thank you so much that was perfect! I would never have figured out how to do that so thanks for your help it works perfectly!!!

I appreciate it!!!!!
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1