1

I am working on admin features for my website, this is what I used for adding users http://www.jeasyui.com/tutorial/app/crud2.php

the thing is I've added a password field but it's shown as it's stored in database

    <th field="password" width="50" editor="password">Password</th>

and I want it to be ** or any symbol because I only need this field to add users, not to see every user's password

how can I do that?

EDIT:

The password is hashed and salted not in plain text.

Bayader
  • 15
  • 1
  • 4
  • 3
    If you need help with this, you aren't ready for admin features development. However, if you use an form field, it will accomplish what you are trying to do. DO bear in mind that someone looking at the source of your page will then see the password value......... – Rottingham Mar 15 '14 at 00:16
  • 6
    Why would you EVER display a password on your website at all? This should NEVER come up as you should NEVER store a clear text password in your database. – Mike Brant Mar 15 '14 at 00:16
  • 3
    The password should be salted and hashed, and should never leave the database. If you _have_ to have a column for the password, use a string literal of something like `*******`, regardless of what the actual password is. – Jason P Mar 15 '14 at 00:17
  • yeah.. the plaintext password should NEVER be stored ANYWHERE. The ONLY thing you should be storing is a salt/hash and the algo you used to generate said salt/hash. the only time you should ever be aware of the plaintext pw is when the user initially submits it.. and then you make a hash with a salt and forget about the plaintext pw – CrayonViolent Mar 15 '14 at 00:21
  • and please look up **sql injection** and **https** – Sico Mar 15 '14 at 00:24
  • I know I'm being very picky, but those are asterisks and not stars. Stars made me look for CSS. Good advice here in comments and answer! – nickhar Mar 15 '14 at 00:26
  • well most people use "star" and "asterisk" interchangeably..to the point that if someone were to *really* want a for real star and not asterisk, they would likely explicitly say "..and I mean a real star" and maybe even describe it (e.g. black, red, outline, etc..) just sayin' cuz you just sayin' lol – CrayonViolent Mar 15 '14 at 00:30
  • Thank u all for your response, I didn't use the exact code in the website and I hashed the password and all that, I just needed a way to display it in one symbol. and yes I said stars, I guess that is a big deal and everyone should learn the names of symbols even if it's not in their native language, just sayin' bro – Bayader Mar 15 '14 at 00:48

1 Answers1

5
  1. It sounds like you are storing passwords as plain text. Don't do that. Use password_hash (Available as of PHP 5.5) or bcrypt.
  2. You can override the value stored in the database by changing your SELECT-query a bit (assuming you are using SQL).

It will look similar to this (assuming you password column is called password):

SELECT  *, '***' AS password
FROM    users

Or even better: Simply only specify the columns you need.

SELECT  userid, username, email
FROM    users

As an additional note: The code example on the page you linked uses the deprecated mysql extension and is prone to SQL injections. You should switch to MySQLi or PDO and use prepared statements.

Community
  • 1
  • 1
TimWolla
  • 31,849
  • 8
  • 63
  • 96
  • override the value maybe it. I am using mysqli but the website looks helpful for beginners, thank u. – Bayader Mar 15 '14 at 00:55