password function makes invalid login...help :(

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ps2cho
Forum Newbie
Posts: 1
Joined: Sat Sep 16, 2006 1:48 am

password function makes invalid login...help :(

Post by ps2cho »

ok i got a very simple login script working but the problem is that it wont find the table when it searches for it using this code:

Code: Select all

$sql = "select * FROM `users` WHERE user_name='$username' AND password=password('$password')";
But, it finds the users in the table with this:

Code: Select all

$sql = "select * FROM `users` WHERE user_name='$username' AND password='$password'";
Also, my register.php works and adds the user to the Database as my get_users.php file shows a list and its there. When i use the 2nd sql it works if i manually enter a user into the database...which basically, if the password is not encypted, the search finds the user, but if it is encrypted (using the register.php) it fails to find it.

Can anybody help me out and find out why it wont find it with the password encrypted?

Sorry im new to php but i have had experience with java so sorry if i seem confused....cos i am.

Thanks, ps2cho
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

Are you using a MySQL version >= 4.1?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

http://dev.mysql.com/doc/refman/5.0/en/ ... tions.html
Note: The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Your first query implies that you are storing passwords as plain text in your database. Is this correct? You may want to reconsider that logic, for security reasons.
Post Reply