#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Location
    San Antonio
    Posts
    181
    Rep Power
    12

    MySQL to SQL Server and password()


    I have an internal Project Management and Scheduling app that I wrote internally for my company. It was written to use MySQL running on a Debian server, but I am going to move it to SQL Server 2000 and integrate it with our Accounting software. The part I am having trouble with is the user login portion. I previously used this:

    PHP Code:
    $sql "SELECT * FROM users WHERE username = \"$username\" AND user_password = password(\"$password\")"
    Apparently the password() function is not available when accessing SQL Server via ODBC. Is there an equivalent function I could use isntead so the passwords arent plaintext in the database? I only have 15 people using the system so a blank pwd reset wouldn't be too much trouble.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2002
    Location
    Tallahassee, Florida USA
    Posts
    53
    Rep Power
    0
    I cannot remeber any thing on top of my head but you
    probably need to post your question in a databse forum as

    http://forums.databasejournal.com/

    Good luck.
    Firas Najjar
  4. #3
  5. Modding: Oracle MsSQL Firebird
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2001
    Location
    Outside US
    Posts
    8,527
    Rep Power
    539
    From the MySQL manual:
    The PASSWORD() function is used by the authentication system in MySQL
    Server,
    you should *not* use it in your own applications. For that purpose, use
    MD5()
    or SHA1() instead.
    Be smart, use the standard MD5 function which is available in most databases.
    Or take the relevant code from mysql's source and make an UDF for your db ...

    Comments on this post

    • Snowcone disagrees
    Last edited by pabloj; March 3rd, 2005 at 10:57 AM.
  6. #4
  7. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Location
    San Antonio
    Posts
    181
    Rep Power
    12
    Interesting. I had never known that password() was a bad function to use. Time to move to md5() I guess.

    Edit: md5() doesn't seem to work in MsSQL...
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Location
    San Antonio
    Posts
    181
    Rep Power
    12
    I suppose it might be better if I used a php based encryption function instead of using one that depends on the type of db backend I pick.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2002
    Location
    Tallahassee, Florida USA
    Posts
    53
    Rep Power
    0
    Function MD5() in php is good, there is encrypt function too.
    Firas Najjar
  12. #7
  13. Modding: Oracle MsSQL Firebird
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2001
    Location
    Outside US
    Posts
    8,527
    Rep Power
    539
  14. #8
  15. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Location
    San Antonio
    Posts
    181
    Rep Power
    12
    I just set it up to encrypt the password before creating the query.

IMN logo majestic logo threadwatch logo seochat tools logo