Page 1 of 1

password('$password') returning 0 results

Posted: Wed Jun 30, 2010 6:38 pm
by carydean
I have a login page (user name, password) which the password part is not finding any records in the DB. I run my register page and enter a new user name and say pw of 1234567, then go out and try to login and the query finds the user name but fails on the password. I have queried the Db and the record is there but of course the ps is encrypted. The registration code is:

$result = mysql_query("insert into user_profile values (NULL,'$username', '$fname', '$lname', '$email', password('$password'), password('$password2'),'0','0')");



it appears to work fine

The login code is:


function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return false;

// check if username is unique
$result = mysql_query("select * from USER_PROFILE where username='$username' and pswd = password('$password')");
if (!$result)
return false;

if (mysql_num_rows($result)>0)
return true;
else
return false;
}


again doesn't get the password.

Any help would be greatly appreciated.

Thanks,

Dean

Re: password('$password') returning 0 results

Posted: Wed Jun 30, 2010 6:59 pm
by JakeJ
In order to get the password the user enters to match the password that is in the database, you have to encrypt that password so it checks against the encrypted version in the database.

"password" and "lk3993kidkl;a;q395u3qrk3l;kj59efgn09q4tawe" are not the same thing where the later is the encrypted version of the former.

Re: password('$password') returning 0 results

Posted: Wed Jun 30, 2010 7:07 pm
by requinix

Code: Select all

if (!$result)
return false;
MySQL is case-sensitive when it comes to table names (maybe not on Windows).

Re: password('$password') returning 0 results

Posted: Wed Jun 30, 2010 9:05 pm
by carydean
I understand the encryption part but I guess my confusion is I thought the password() does the encryption and decryption. So since I am doing mysql_query("select * from USER_PROFILE where username='$username' and pswd = password('$password')");. I thought the password('$password') would also decrypt the password. Am I to assume that it does not and if that is the case can you provide me some guidance as to how I can decrypt it. As you can guess I am new to this password encryption stuff.

Thanks,

Dean

Re: password('$password') returning 0 results

Posted: Wed Jun 30, 2010 10:05 pm
by mikosiko
http://dev.mysql.com/doc/refman/5.1/en/ ... n_password

read the Note relative to the usage of the function password()