PHP and MySQL password issue...
Moderator: General Moderators
PHP and MySQL password issue...
I recently tried to use a script that I know works. I have used it before, but I cannot figue out the problem.
When I add passwords to a table for login information, I send them to MySQL through PHP as password('$password'). This encrypts them fine. I can see that when I check the database.
When I try to validate the password later during login using the same method, I can't seem to get in. The exact same script works for me on a friend's server. I have installed PHP4 and MySQL on a Win 2K server. Did I miss a setting or something? How come they can be sent, but not retieved?
Also, I can't seem to find an mcrypt.dll that will work. It always locks up when PHP tries to access it. How come?
When I add passwords to a table for login information, I send them to MySQL through PHP as password('$password'). This encrypts them fine. I can see that when I check the database.
When I try to validate the password later during login using the same method, I can't seem to get in. The exact same script works for me on a friend's server. I have installed PHP4 and MySQL on a Win 2K server. Did I miss a setting or something? How come they can be sent, but not retieved?
Also, I can't seem to find an mcrypt.dll that will work. It always locks up when PHP tries to access it. How come?
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
If you've got PHP 4.2 (or installed 4.1.x and used the php.ini-recommended), have you read this?
If the stuff from the above thread doesn't help maybe we could see some code to spot anything else that might be going wrong.
Mac
If the stuff from the above thread doesn't help maybe we could see some code to spot anything else that might be going wrong.
Mac
Here the part of the code. The first set is from the PHP to add members to the database and encrypt the password (this works fine). The second set is where I try to validate the user. This works only if I did not encrypt the password in the previous set and do not try to retrieve it with password(password). Keep in mind that this works perfectly on a friend's Apache server. Could there be a setting I missed when installing MySQL or PHP on my Win 2k Server box?
-----------start first set (add user)-----------------
$query = "insert into level1_members values ('NULL','".$username."', password('".$password."'),'".$date."','".$email."')";
$result = mysql_query($query);
$check_user = "select * from level1_members where username = '$username' or password = password('$password') ";
if ($result)
{
echo "User <b>$username</b> with password <b>$password</b> has been inserted into our database on $date"."<br><br>";
exit;
}
else if ($check_user)
{
echo "That username and/or password is already in use.";
exit;
}
else
{
echo "Unable to insert member into database.";
}
----------start second set (check for user)-------------
// query the database to see if there is a record which matches
$query = "select count(*) from level1_members where
username = '$username' and
password = password('$password')";
$result = mysql_query( $query );
if(!$result)
{
echo 'Cannot run query.';
exit;
}
$count = mysql_result( $result, 0, 0 );
$success="schedule.php";
$failure="rejected.php";
if ( $count > 0 )
{
// visitor's name and password combination are correct
header("Location: $success");
}
else
{
// visitor's name and password combination are not correct
header("Location: $failure");
}
-----------start first set (add user)-----------------
$query = "insert into level1_members values ('NULL','".$username."', password('".$password."'),'".$date."','".$email."')";
$result = mysql_query($query);
$check_user = "select * from level1_members where username = '$username' or password = password('$password') ";
if ($result)
{
echo "User <b>$username</b> with password <b>$password</b> has been inserted into our database on $date"."<br><br>";
exit;
}
else if ($check_user)
{
echo "That username and/or password is already in use.";
exit;
}
else
{
echo "Unable to insert member into database.";
}
----------start second set (check for user)-------------
// query the database to see if there is a record which matches
$query = "select count(*) from level1_members where
username = '$username' and
password = password('$password')";
$result = mysql_query( $query );
if(!$result)
{
echo 'Cannot run query.';
exit;
}
$count = mysql_result( $result, 0, 0 );
$success="schedule.php";
$failure="rejected.php";
if ( $count > 0 )
{
// visitor's name and password combination are correct
header("Location: $success");
}
else
{
// visitor's name and password combination are not correct
header("Location: $failure");
}
I think...................
$check_user = "select * from level1_members where username = '$username' or password = password('$password') ";
'And' Should come instead of 'OR' in query
'And' Should come instead of 'OR' in query
http://dev.mysql.com/doc/mysql/en/Encry ... tions.html
Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your application
Well
timvw wrote:http://dev.mysql.com/doc/mysql/en/Encry ... tions.html
Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your application
I TRIED ......USING MD5 And SHA1 but it generates different output from that of the value stored in database Encrypted
Code: Select all
<?php
$password=md5('noor');
$check_user = "select * from info
where password = password('$password') ";
//$check_user = "select * from info
//where password = '$password' ";
echo($check_user) ;
$link=mysql_connect('localhost','root','triadpass');
mysql_select_db('testdb');
$result= mysql_query($check_user) or die(mysql_error()) ;
while($arrt= mysql_fetch_array($result, MYSQL_ASSOC )){
print_r( $arrt) ;
echo("asdasdas") ;
}
?>still its not working
Hmmmmmmmm
Ok then how can i decrypt it to show it to user in this case i have to remember it .......and one more thing then whats the use of SQL Function
i already knew this way of md5 i wanna implement SQL PASSWORD('');
i already knew this way of md5 i wanna implement SQL PASSWORD('');