PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
insert into table (username, password)
values ('adminuser', md5('adminuserpwd'));
This obvioulsy adds a hashed value into the table. However, when I try and retrieve it for authentication purposes it won't return any rows. What am I doing wrong
Place the md5 function into PHP rather than the mysql query - might simply a few things.
Also check that the stored hash and a generated hash from PHP of the same password are actually matching - may not be an error related to the code at all.
Well you want to select the password from the database where the username = username, otherwise i could just enter a commonly used password. Just select the password from the database and then compair it outside of the mysql query or include a clause to make it check the username within the query.
I assume that you are inputting the correct password, or else it wont return any results.
yes I am inputting the correct password, and username. Could you show me how I would compare the password outside of the mysql_query?
Makes sense to select the password where username = username
I have a check that makes sure the username exists in the database, and obviously the 2 would have to match. Is this the best way to do it? Or is there a more commonly used way of checking username and password?
<?php
$passwd = md5($_POST['password']);
$passCheck = mysql_query("select username from form_admin where password = '$passwd' and username = '$_POST[username]'");
?>
Also a good idea to run a few validation checks against password/username, e.g. isset(), is_string(), strlen() <= form_passwd_maxlen, etc. It will help prevent anyone from manipulating data or passing an sql injection...