md5 for user password authentication?

I've enabled the user authentication feature, but I don't want my users' passwords stored in the mysql database as plaintext. Is there a way to enable md5 password storage for user authentication?
shannah wrote:
In the users table fields.ini file. If your password column is named 'password', you would have:

Code:
    [password]
    encryption=md5

shannah wrote:
Currently only md5, password, sha1, and encrypt are supported.
At your suggestion I have added aes_encrypt to my dev version to be in the next major release.
It is easy to add. In the Dataface/Serializer.php file, you'll find a section:

Code:
    // Wrap the value in the SQL function selected by the field's 'encryption' setting.
    if ( isset($field['encryption']) ){
        $app =& Dataface_Application::getInstance();
        switch(strtolower($field['encryption'])){
            case 'md5':
                return 'MD5('.$value.')';
            case 'password':
                return 'PASSWORD('.$value.')';
            case 'sha1':
                return 'SHA1('.$value.')';
            case 'encrypt':
                return 'ENCRYPT('.$value.')';
        }
    }

Just add another case for aes_encrypt as follows:

Code:
    if ( isset($field['encryption']) ){
        $app =& Dataface_Application::getInstance();
        switch(strtolower($field['encryption'])){
            case 'md5':
                return 'MD5('.$value.')';
            case 'password':
                return 'PASSWORD('.$value.')';
            case 'sha1':
                return 'SHA1('.$value.')';
            case 'encrypt':
                return 'ENCRYPT('.$value.')';
            case 'aes_encrypt':
                // The key comes from the [_auth] section of conf.ini.
                return 'aes_encrypt('.$value.',\''.addslashes($app->_conf['_auth']['aes_password']).'\')';
        }
    }

Note then you would have in your fields.ini file:

Code:
    [password]
    encryption=aes_encrypt

And you would need to specify a password in your conf.ini file:

Code:
    [_auth]
    aes_password="My Secret Code"

-Steve

shannah wrote:
I forgot to note that I also added the line:

Code:
    $app =& Dataface_Application::getInstance();

in the snippets above.
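
The `encryption=md5` setting discussed in this thread stores the output of MySQL's `MD5()`, an unsalted and fast digest, so equal passwords produce equal rows. The following is an added example, not code from the thread or from Xataface: plain PHP that verifies a login against such a legacy digest and returns a salted `password_hash()` value to store in its place. The function name `verify_and_upgrade` and the sample password are assumptions made for illustration.

```php
<?php
// Added example: standalone PHP, not Xataface code. verify_and_upgrade()
// and the sample password are constructed for illustration.

// $stored is either a legacy unsalted MD5 hex digest (what MySQL MD5()
// returns) or a password_hash() string. Returns [ok, replacement], where
// replacement is a new hash to write back to the users table, or null.
function verify_and_upgrade(string $password, string $stored): array
{
    $isLegacyMd5 = preg_match('/\A[0-9a-f]{32}\z/i', $stored) === 1;

    if ($isLegacyMd5) {
        // hash_equals() compares in constant time.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return [false, null];
    }
    // Replace MD5 digests, and hashes made with outdated parameters.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [true, null];
}

// Constructed sample: two accounts that chose the same password.
$rowA = md5('correct horse battery');
$rowB = md5('correct horse battery');
echo "MD5 rows identical: ", var_export($rowA === $rowB, true), "\n";

// First login after migration: checked against MD5, upgraded hash returned.
[$ok, $upgraded] = verify_and_upgrade('correct horse battery', $rowA);
echo "legacy login ok: ", var_export($ok, true), "\n";
echo "stored value becomes: ", $upgraded, "\n";

// password_hash() salts each call, so the same password gives different rows.
$other = password_hash('correct horse battery', PASSWORD_DEFAULT);
echo "salted rows identical: ", var_export($upgraded === $other, true), "\n";

// Later logins verify against the new hash; a wrong password is rejected.
[$ok2, $again] = verify_and_upgrade('correct horse battery', $upgraded);
[$bad] = verify_and_upgrade('wrong guess', $upgraded);
echo "new-hash login ok: ", var_export($ok2, true), ", re-upgrade needed: ",
    var_export($again !== null, true), ", wrong password ok: ",
    var_export($bad, true), "\n";
```

The password column must be wide enough for `password_hash()` output; the PHP manual recommends 255 characters. How this would be connected to Xataface's own login handling is not covered by the thread.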