Thread: passwords

    #1
    Jayseph
    Hi, does anyone know how to do a check against an encrypted password by the password function? Specifically I want to use a query to see if the user has entered the correct password. Is there any way to do this? I've used password('userspassword') to encrypt the password, now I need to know how to select records for passwords that match. Is there any way to do it?

    Thanks in advance,

    Jayseph Richardson
    ETM Network - http://www.etmnet.com
    Blizzard Nation - http://www.blizzardnation.com
    #2
    rod k
    I assume you are talking about the MySQL function 'password()', as PHP doesn't have a password() function.

    If so, to do a compare you could build your query like:

    select * from users where password=password(enteredpassword);
    #3
    Jayseph
    Sorry, yes, I meant the MySQL password function, and the query you suggest doesn't work. I've tried it before and it seems to not return any valid records.

    Any other suggestions??
    #4
    rod k
    Yes. I forgot the '' around the password.

    This IS tested and works:

    select * from your_table where password=password('enteredpassword');

    Rod
    #5
    Jayseph
    Hi, I've tried that as well a while back and again today, and it doesn't seem to work either. Here is a little snippet of code:

    $query = "SELECT * FROM $userstable WHERE ACCOUNT_USERNAME = '$account_username' and ACCOUNT_PASSWORD = password('$account_password') ORDER BY ACCOUNT_NUMBER";

    $result = mysql_query($query);

    /* How many of these orders are there, if any? */
    $number = mysql_numrows($result);

    $i = 0;
    if ($number == 0)
    {

    }
    elseif ($number > 0)
    {

    }

    The select statement always seems to return 0 records, which causes it to go into the first if instead of the elseif. I've tried using the select statement below, but it returns a true value no matter what the username and password are (which is the opposite problem).

    $query = "SELECT count(*) FROM $userstable WHERE ACCOUNT_USERNAME = '$account_username' and ACCOUNT_PASSWORD = password('$account_password') ORDER BY ACCOUNT_NUMBER";

    Any additional help would be appreciated.
    #6
    rod k
    I see one error and it might be a typo. It's not mysql_numrows() but mysql_num_rows().

    Also you say the second query returns true. Does that mean you get a result id in $result? You only get false if there is an error, not if it's an empty set. If however you mean you get data returned then that means the num_rows thing was a typo... it also means I'm not sure what's wrong...


    I don't use ANDs in the where clauses if I can help it. Unfortunately, because you've used the mysql password function to encrypt instead of a php md5() or encrypt() you have to do the encrypting in the query, which, unless you've made passwords unique, means you HAVE to use the AND in the query. That's one of the reasons I never use the mysql password() function outside of the mysql permissions table. I always use md5 and pull the record on the index (it's also faster and less overhead), then encrypt in the script. Kinda like this:

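    <?php
    /* escape the value before placing it in the query string */
    $uid=mysql_real_escape_string($uid);
    $result=mysql_query("select * from users where uid='$uid'");
    $info=mysql_fetch_array($result);
    /* strict comparison: != would treat two "0e..." digests as equal numbers */
    if($info['password']!==md5($entpassword))
    {
    /* password invalid */
    }else
    {
    /* password valid */
    }
    ?>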

    The other nice thing about that is you can use a char(32) field instead of a varchar(n) field in the table for the password field.

    l8r

    Rod
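
Added example (not code from any poster in this thread): the pattern from post #6, pulling the record on its key and comparing in the script, written with PDO prepared statements and PHP's password_hash()/password_verify() in place of md5(). It also shows that a count(*) query returns one row even when no account matches. The in-memory SQLite database, the table layout, the function names and the sample account are assumptions made so the example runs stand-alone.

```php
<?php
// Added example; schema, function names and the sample account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted, slow hash. Its length depends on the algorithm, so the
// column is wider than the 32 characters an md5 digest needs.
$ins = $db->prepare('INSERT INTO users (uid, password_hash) VALUES (?, ?)');
$ins->execute(['jay', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash checked for unknown users so both paths do the same amount of work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Pull the record on its key, then verify in the script.
function check_login(PDO $db, string $uid, string $entered): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE uid = ?');
    $stmt->execute([$uid]);          // bound parameter, no string interpolation
    $hash = $stmt->fetchColumn();    // false when the uid does not exist
    if ($hash === false) {
        password_verify($entered, DUMMY_HASH);
        return false;
    }
    return password_verify($entered, $hash);
}

// An aggregate query without GROUP BY yields exactly one row even when
// nothing matches, so a "rows > 0" test on it always succeeds. Read the
// count value itself instead.
function count_query_shape(PDO $db, string $uid): array
{
    $stmt = $db->prepare('SELECT count(*) FROM users WHERE uid = ?');
    $stmt->execute([$uid]);
    $rows = $stmt->fetchAll(PDO::FETCH_NUM);
    return ['rows_returned' => count($rows), 'matches' => (int) $rows[0][0]];
}

var_dump(check_login($db, 'jay', 'correct horse'));   // correct password
var_dump(check_login($db, 'jay', 'wrong guess'));     // wrong password
var_dump(check_login($db, "x' OR '1'='1", 'any'));    // treated as a literal uid
print_r(count_query_shape($db, 'nobody'));            // row count vs. count value
```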
