Problems when using PASSWORD( $pass) in PHP/MySql

Problems when using PASSWORD( $pass) in PHP/MySql

am 10.01.2008 11:00:27 von Karl

Hello.
I have a login pages with two fields. One for username and one for
password.
The username and password are stored in a mysql table.

When I am using plain-text password. It is no problem to login.
But when I use the PASSWORD() function, it is not possible to login at
all.

Is it because of the way I query the database?

I like to use the PASSWORD() function since it make a password like
"jad79daf78" to be similar to
"9834asfg25t4i930aga494asfd4faf444ijsd4457" in the password cell
instead of plain "jad79daf78"

Karl

Re: Problems when using PASSWORD( $pass) in PHP/MySql

am 10.01.2008 12:32:41 von Michael Fesser

..oO(Karl)

>I have a login pages with two fields. One for username and one for
>password.
>The username and password are stored in a mysql table.
>
>When I am using plain-text password. It is no problem to login.
>But when I use the PASSWORD() function, it is not possible to login at
>all.
>
>Is it because of the way I query the database?

We don't know how you query the database since you didn't post any
query. But if you use PASSWORD() to store the passwords, then of course
you also have to call PASSWORD() when you compare the user-submitted PW
with the stored one.

Micha

Re: Problems when using PASSWORD( $pass) in PHP/MySql

am 10.01.2008 13:04:37 von Karl

On 10 Jan, 12:32, Michael Fesser wrote:
> .oO(Karl)
>
>
> >Is it because of the way I query the database?
>
> We don't know how you query the database since you didn't post any
> query. But if you use PASSWORD() to store the passwords, then of course
> you also have to call PASSWORD() when you compare the user-submitted PW
> with the stored one.

Yes, i think that. But how do I build a query that call PASSWORD()?

Re: Problems when using PASSWORD( $pass) in PHP/MySql

am 10.01.2008 13:16:03 von Michael Fesser

..oO(Karl)

>On 10 Jan, 12:32, Michael Fesser wrote:
>> .oO(Karl)
>>
>>
>> >Is it because of the way I query the database?
>>
>> We don't know how you query the database since you didn't post any
>> query. But if you use PASSWORD() to store the passwords, then of course
>> you also have to call PASSWORD() when you compare the user-submitted PW
>> with the stored one.
>
>Yes, i think that. But how do I build a query that call PASSWORD()?

SELECT ...
FROM yourAuthTable
WHERE username = '$username'
AND password = PASSWORD('$password')

where $username and $password contain the validated and sanitized values
(see mysql_real_escape_string()) from the form on your HTML page.

Micha

Re: Problems when using PASSWORD( $pass) in PHP/MySql

am 10.01.2008 14:52:12 von Karl

Michael Fesser wrote:

> SELECT ...
> FROM yourAuthTable
> WHERE username = '$username'
> AND password = PASSWORD('$password')
>
> where $username and $password contain the validated and sanitized values
> (see mysql_real_escape_string()) from the form on your HTML page.
>
Thank you!

Karl