Forgive me if I do not describe this correctly, but I am looking to find a username and password solution that meets the following criteria:
utilize a MySQL
user registers with a username and 8 digit number (a birthday in mmddyyyy format, for example)
the password is the result of the date plus (or minus, multiplied by, divided by, whatever) the 8 digit number stored in the db when registered.
I've seen stuff like this before, but I do not know how to replicate. Any other security ideas are welcome.
if you do this wouldnt it mean when the member goes to login or something that there password is invalid?
Yes, I have some account verificatin scripts, but I am looking for a way that their password, if for example someone else found out what it was, it would be different the next day. Example:
I join the site and the special number entered is 07042002, being the 4th of July '02. This number is stored in a MySQL database, in the table with user logon info.
Today is Oct 13, 2005, or 10132005.
Now if I go to login today, I would enter my username and for the password I would first have to do whatever math equation (plus, minus, divide, mult.) Assuming that division is the chosen method, I would divide 07042002 by 10132005 = 69502552 (drop the decimal point and round to 8 digits.) That would be my password for as long as today is 10-13-2005, my secret number is 07042002 and the method is division.
I don't specifically need something exactly as described above. It seems that it would be easy enough, I just can't figure out how. Really I just need to make a maximum security entry that is not too burdensome for the user and flexable for a variety of platforms. I thought this up, but I have not been able to figure the proper php, something I am not very proficient at in the first place.
Thank you for your thoughts.
ok i understand what you mean kinda but it means the users will have a new password everyday and its gonna be a waste of time that way
getting the users password encrypting storing in teh database the encryption when the user logs in encrypt the password and get it to check the 2 encryptions if there identical log the user is still with me
thats your best bet otherwise its gonna gert difficult getting it to automattically change people password