password('$password') returning 0 results

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
carydean
Forum Newbie
Posts: 2
Joined: Wed Jun 30, 2010 6:36 pm

password('$password') returning 0 results

Post by carydean »

I have a login page (user name, password) which the password part is not finding any records in the DB. I run my register page and enter a new user name and say pw of 1234567, then go out and try to login and the query finds the user name but fails on the password. I have queried the Db and the record is there but of course the ps is encrypted. The registration code is:

$result = mysql_query("insert into user_profile values (NULL,'$username', '$fname', '$lname', '$email', password('$password'), password('$password2'),'0','0')");



it appears to work fine

The login code is:


function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return false;

// check if username is unique
$result = mysql_query("select * from USER_PROFILE where username='$username' and pswd = password('$password')");
if (!$result)
return false;

if (mysql_num_rows($result)>0)
return true;
else
return false;
}


again doesn't get the password.

Any help would be greatly appreciated.

Thanks,

Dean
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: password('$password') returning 0 results

Post by JakeJ »

In order to get the password the user enters to match the password that is in the database, you have to encrypt that password so it checks against the encrypted version in the database.

"password" and "lk3993kidkl;a;q395u3qrk3l;kj59efgn09q4tawe" are not the same thing where the later is the encrypted version of the former.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: password('$password') returning 0 results

Post by requinix »

Code: Select all

if (!$result)
return false;
MySQL is case-sensitive when it comes to table names (maybe not on Windows).
carydean
Forum Newbie
Posts: 2
Joined: Wed Jun 30, 2010 6:36 pm

Re: password('$password') returning 0 results

Post by carydean »

I understand the encryption part but I guess my confusion is I thought the password() does the encryption and decryption. So since I am doing mysql_query("select * from USER_PROFILE where username='$username' and pswd = password('$password')");. I thought the password('$password') would also decrypt the password. Am I to assume that it does not and if that is the case can you provide me some guidance as to how I can decrypt it. As you can guess I am new to this password encryption stuff.

Thanks,

Dean
mikosiko
Forum Regular
Posts: 757
Joined: Wed Jan 13, 2010 7:22 pm

Re: password('$password') returning 0 results

Post by mikosiko »

http://dev.mysql.com/doc/refman/5.1/en/ ... n_password

read the Note relative to the usage of the function password()
Post Reply