Page 1 of 1

password function makes invalid login...help :(

Posted: Sat Sep 16, 2006 1:53 am
by ps2cho
ok i got a very simple login script working but the problem is that it wont find the table when it searches for it using this code:

Code: Select all

$sql = "select * FROM `users` WHERE user_name='$username' AND password=password('$password')";
But, it finds the users in the table with this:

Code: Select all

$sql = "select * FROM `users` WHERE user_name='$username' AND password='$password'";
Also, my register.php works and adds the user to the Database as my get_users.php file shows a list and its there. When i use the 2nd sql it works if i manually enter a user into the database...which basically, if the password is not encypted, the search finds the user, but if it is encrypted (using the register.php) it fails to find it.

Can anybody help me out and find out why it wont find it with the password encrypted?

Sorry im new to php but i have had experience with java so sorry if i seem confused....cos i am.

Thanks, ps2cho

Posted: Sat Sep 16, 2006 2:10 am
by aaronhall
Are you using a MySQL version >= 4.1?

Posted: Sat Sep 16, 2006 2:31 am
by volka
http://dev.mysql.com/doc/refman/5.0/en/ ... tions.html
Note: The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.

Posted: Sat Sep 16, 2006 11:36 pm
by RobertGonzalez
Your first query implies that you are storing passwords as plain text in your database. Is this correct? You may want to reconsider that logic, for security reasons.