Full Version: Encrypting Passwords
okay, i think it's a good idea, but my old one never works anymore! it's supposed to. i have seen many times that your old one will still work.
what are you talking about? 
well a lot of the sites have a script added now that encrypts your password so that the wm's can't see them. your old one is still supposed to work, but mine doesn't....latest ones emailvalue, themailclub. i have to go and request a password every so often. i guess it's when my puter eats the cookie, lol.
I am coming across with this problem as well since a couple of programs would not accept my password that I put in except for the encrypted ones. GRRRRRRRRRRRRRRRRRR.
yeah and when ya update your info it says your username is already in use ~
UGH.........there's one site that will not let me log in even with the encrypted password 
I copy and paste--no good. I manually type it in--no good. I know I am in the user base because I can request a *useless* password. My old password doesn't work either. No great loss, as I was trying to log in to unsub anyway 
I copy and paste--no good. I manually type it in--no good. I know I am in the user base because I can request a *useless* password. My old password doesn't work either. No great loss, as I was trying to log in to unsub anyway
Great. That was an update from John at Myecom. It appears to be a big pain in the ahem.
Actually, it's not so the WEBMASTERS can't see them, lol, it's so that if the sites get hacked they can't access your pw and use it for other sites, paypal, etc, (if you are dumb enough to use the same pw for paypal...).
This is what John said to us:
" * A few small changes, nothing major except new accounts will have the ' " & ? and space removed from them if a person uses them becuase it causes some problems. For example try to put a ? or & in the referral url and they will never get their credit for referrals.
* A NOTE EXPLAINING ENCRYPTION. Try to get paypal to send you your password, they can't its encrypted all they can do is send you a NEW password. If it could be decrypted then it would defeat the purpose of encrypting it in the first place. The people that are having a problem loging in is not because of the encryption direcly, Its because passwords now must be entered in the CoRrEcT case, where before it was not case sensitive.
* The encryption was not added to protect the members account on your site. Lets face it. if a hacker gets his hands on your data he can do what ever he wants to it and not even need to use the passwords. It is to prevent the hacker from ever knowing the real password so that if your member uses that password on PayPal or egold or other services like that, the hacker will not be able to log into those services and steel their money. This did happen by the way. And some of the sites hacked also used ftp passwords that were real close to the passwords they used on PTR sites so once the hacker got his hand on one database it was just a matter of him trying username and passwords on the ftp access to other site owners that used those same passwords on PTR sites. Then he got access to even more members and more passwords.
* The referral ID is no longer saved in a cookie, It is tracked using php sessions only and of course the confirmation url as always
* All passwords are saved in the database encrypted. This will prevent hackers from ever knowing the passwords of your members (if your server ever gets hacked). which is good for all those insane members that use their paypal password for all the PTR accounts
* The accounting table does not use Mysql Auto-Increment as some people after restoring their database mysql decided to set the next number to use as the last possible, causing them no to be able to add more transactions to the database
* Still reports of a bug in the use of both cash and points signup and referral bonuses. This release addresses this problem"
Hope that helps.
Actually, it's not so the WEBMASTERS can't see them, lol, it's so that if the sites get hacked they can't access your pw and use it for other sites, paypal, etc, (if you are dumb enough to use the same pw for paypal...).
This is what John said to us:
" * A few small changes, nothing major except new accounts will have the ' " & ? and space removed from them if a person uses them becuase it causes some problems. For example try to put a ? or & in the referral url and they will never get their credit for referrals.
* A NOTE EXPLAINING ENCRYPTION. Try to get paypal to send you your password, they can't its encrypted all they can do is send you a NEW password. If it could be decrypted then it would defeat the purpose of encrypting it in the first place. The people that are having a problem loging in is not because of the encryption direcly, Its because passwords now must be entered in the CoRrEcT case, where before it was not case sensitive.
* The encryption was not added to protect the members account on your site. Lets face it. if a hacker gets his hands on your data he can do what ever he wants to it and not even need to use the passwords. It is to prevent the hacker from ever knowing the real password so that if your member uses that password on PayPal or egold or other services like that, the hacker will not be able to log into those services and steel their money. This did happen by the way. And some of the sites hacked also used ftp passwords that were real close to the passwords they used on PTR sites so once the hacker got his hand on one database it was just a matter of him trying username and passwords on the ftp access to other site owners that used those same passwords on PTR sites. Then he got access to even more members and more passwords.
* The referral ID is no longer saved in a cookie, It is tracked using php sessions only and of course the confirmation url as always
* All passwords are saved in the database encrypted. This will prevent hackers from ever knowing the passwords of your members (if your server ever gets hacked). which is good for all those insane members that use their paypal password for all the PTR accounts
* The accounting table does not use Mysql Auto-Increment as some people after restoring their database mysql decided to set the next number to use as the last possible, causing them no to be able to add more transactions to the database
* Still reports of a bug in the use of both cash and points signup and referral bonuses. This release addresses this problem"
Hope that helps.
well some of us program owners arent happy campers either......I was locked out of my own site for hours 
Why not all you webmasters tell John to get rid of that crappy script since it is causing problems instead of fixing it?
Well then if a site happens to get hacked then someone has access you your passwords....that most people STILL use the same ones at all the sites......
Thats why its in place
Like any script thier are bugs that need to worked out
Thats why its in place
Like any script thier are bugs that need to worked out
i suppose i shall interject for a moment here...
My site (not a paid-to program, mind you) uses password encryption religiously... Here's how one way encryption works:
You register, enter a password. It is encrypted, and can never be decrypted.
When you log in, the password you enter is encrypted, then compared to the existing encrypted password in the database.
It is impossible to "retrieve" your password, there is NO way to decrypt it. Rather, a new password must be set, either by the webmaster or by the user who clicks a unique link that is sent to their unique e-mail address upon request.
This is the BEST way for ALL webmasters who have login scripts to work, because it ensures that if for some reason your database is compromised, downloaded by someone, etc., then at least your users' passwords are secure. Afterall, entering in an encrypted password would just encrypt the already encrypted password, which would differ from the stored value of the encrypted password.
Why more sites don't use password encryption is far beyond me...
My site (not a paid-to program, mind you) uses password encryption religiously... Here's how one way encryption works:
You register, enter a password. It is encrypted, and can never be decrypted.
When you log in, the password you enter is encrypted, then compared to the existing encrypted password in the database.
It is impossible to "retrieve" your password, there is NO way to decrypt it. Rather, a new password must be set, either by the webmaster or by the user who clicks a unique link that is sent to their unique e-mail address upon request.
This is the BEST way for ALL webmasters who have login scripts to work, because it ensures that if for some reason your database is compromised, downloaded by someone, etc., then at least your users' passwords are secure. Afterall, entering in an encrypted password would just encrypt the already encrypted password, which would differ from the stored value of the encrypted password.
Why more sites don't use password encryption is far beyond me...
PaidProgramReview has chosen not to go through with this update until it's fixed.
Another problem that comes up is that email addresses won't register as usernames.
If I were to use
bbspobwpvsjt@hotmail.com
It comes up
bbspobwpvsjthotm
Another problem that comes up is that email addresses won't register as usernames.
If I were to use
bbspobwpvsjt@hotmail.com
It comes up
bbspobwpvsjthotm
I am very angry with this new upgraded scripts, once I installed them now nothing is registering in member accounts. Sign up bonuses are not adding, no cash, points, and I can't even go in and adjust accounts. I can't get John to answer any of the emails that I have sent.
My members have been great up until this point. Since the hacking incident it has been nothing but a pain in the ***!
Sorry just had to vent.
Thanks Lisa
My members have been great up until this point. Since the hacking incident it has been nothing but a pain in the ***!
Sorry just had to vent.
Thanks Lisa
I remember the site that I had problems with the password for the encryption. HossierCash. My old password would not work, and I tried many times to login.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.