FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


"dynamic" passwords?





Fortinbras
Forgive me if I do not describe this correctly, but I am looking to find a username and password solution that meets the following criteria:

utilize a MySQL
user registers with a username and 8 digit number (a birthday in mmddyyyy format, for example)
the password is the result of the date plus (or minus, multiplied by, divided by, whatever) the 8 digit number stored in the db when registered.

I've seen stuff like this before, but I do not know how to replicate. Any other security ideas are welcome.

Thanks.
homer09001
if you do this wouldnt it mean when the member goes to login or something that there password is invalid?
homer09001
anouther idea is get htem to validate their account i use this system on my site:

when a user registers a unique 20 alpahnumeric string is entered into a database including the users info plus a unique id No

the server automaticaly sends the user and e-mail with a hyperlink that contains the users id & unique key No e.g. http://www.your-domina.com/val.php$id=1&$code=jvgha7g6sad8g687ag7a9sg when clicked on it check these values and if they are identical activates the users account

if you want this i can sort out the coding for you?
Fortinbras
Yes, I have some account verificatin scripts, but I am looking for a way that their password, if for example someone else found out what it was, it would be different the next day. Example:

I join the site and the special number entered is 07042002, being the 4th of July '02. This number is stored in a MySQL database, in the table with user logon info.
Today is Oct 13, 2005, or 10132005.
Now if I go to login today, I would enter my username and for the password I would first have to do whatever math equation (plus, minus, divide, mult.) Assuming that division is the chosen method, I would divide 07042002 by 10132005 = 69502552 (drop the decimal point and round to 8 digits.) That would be my password for as long as today is 10-13-2005, my secret number is 07042002 and the method is division.

I don't specifically need something exactly as described above. It seems that it would be easy enough, I just can't figure out how. Really I just need to make a maximum security entry that is not too burdensome for the user and flexable for a variety of platforms. I thought this up, but I have not been able to figure the proper php, something I am not very proficient at in the first place.

Thank you for your thoughts.
homer09001
ok i understand what you mean kinda but it means the users will have a new password everyday and its gonna be a waste of time that way

how about:

getting the users password encrypting storing in teh database the encryption when the user logs in encrypt the password and get it to check the 2 encryptions if there identical log the user is still with me

thats your best bet otherwise its gonna gert difficult getting it to automattically change people password
mathiaus
in your mysql table you need a column for the following,
password, method, lastlogindate
then during login you'd ask if the lastlogindate was todays date. If it was the passwords the same otherwise you take that password the method and the lastlogindate. Convert the lastlogindate to numbers as you suggested, then do a sum of $password $method $convertedlastlogindate
then in the sql change the password to the new one and the date to today
Then echo to the user the password has changed and they need to use their new password to login.

This would mean it would not automaticly change the password each day but only when they tried to login.

Is this method not useless as if you tell people how to work out their passwords so can others. Also secure passwords contain both characters, numbers and symbols!

Hope that helps
Matt Smile
snowboardalliance
Fortinbras wrote:
Yes, I have some account verificatin scripts, but I am looking for a way that their password, if for example someone else found out what it was, it would be different the next day. Example:

I join the site and the special number entered is 07042002, being the 4th of July '02. This number is stored in a MySQL database, in the table with user logon info.
Today is Oct 13, 2005, or 10132005.
Now if I go to login today, I would enter my username and for the password I would first have to do whatever math equation (plus, minus, divide, mult.) Assuming that division is the chosen method, I would divide 07042002 by 10132005 = 69502552 (drop the decimal point and round to 8 digits.) That would be my password for as long as today is 10-13-2005, my secret number is 07042002 and the method is division.

I don't specifically need something exactly as described above. It seems that it would be easy enough, I just can't figure out how. Really I just need to make a maximum security entry that is not too burdensome for the user and flexable for a variety of platforms. I thought this up, but I have not been able to figure the proper php, something I am not very proficient at in the first place.

Thank you for your thoughts.


And how is that ANY safer than just thier original number? I mean, if everyone uses the SAME EQUATION, it means if you find someone elses number, you just do the equation and have their password. Really unecessary and a waste of time really.
Related topics
PHP Book (Php and Mysql for Dynamic Web Sites)
How to get your dynamic PHP website crawled better by se ?
How To : Secure Your PHP Website
Choosing secure passwords
751 Useful Windows XP Files
Lost passwords
Dynamic User Customizable Sites. CSS + PHP = Awesome!
Tutorial: PHP Installed Modules Dynamic Reference Tool
Who knows Knight online passwords
Dynamic drives under Windows
HTML to Dynamic!?
The Basics (php, mysql etc)
[GUIDE] How to create a dynamic signature?
[PHP] Calling dynamic pictures
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.