help with password function

[asherinho]

Hi! I am having a problem with password function is not working,here is the code

 

$db=mysql_connect("localhost","root","");

mysql_select_db("ppra_flis",$db);

$result=mysql_query("select * from login where uname='".$uname."' and pass=password('".$pass."')");

 

 

the variable $pass is not converted into encrypted form

[Wolphie]

What is the code for the password function? If I were you, I would just use:

 

<?php
  $password = 'mycoolPA55w0rd';
  
  $con = mysql_connect(...);
  mysql_select_db(...);
  $query = sprintf("SELECT * FROM `login` WHERE `uname` = '%s' AND `pass` = '%s' LIMIT 1", 
    sha1($password)); // Need code for password()!!
  $result = mysql_query($query) or trigger_error(mysql_error());
?>

[DoddsAntS]

Hi,

 

Your using the sql password function in the query, so the value of $pass will not change from what it is set to originally.

 

As shown by wolphie, if you want to change the value of $pass you will need to do something like

 

$pass = sha1($pass);

 

or

 

$pass = md5($pass);

[waynew]

If you want to be extra secure, use these functions, but change the salt(make sure they're the same in each function):

 

function encrypt_password($password){
     
      $salt = "justarandomword";
      $encrypted_password = sha1($salt.$password);
      return $encrypted_password;
}

 

And to compare password attempt:

 

function compare_passwords($password_attempt, $actual_password){
     
      $salt = "justarandomword";
      $password_attempt = sha1($salt.$password_attempt);

      if($password_attempt == $actual_password){
        return true;
      }

      else{
        return false;
      }
      
}

 

Forgive any small bugs/errors.

[asherinho]

It worked but there is a database problem.The convertion of md5() and sha1() in database is different from the one in php page thus there is no match.

 

example: in database the md5() convert the word 'user' to ee11cbb1 while the php page converts it to ee11cbb19052e40b07aac0ca060c23ee 

 

here are the codes

php codes: $passwod=md5($pass); $result=mysql_query("select * from login where uname='".$uname."' and pass='".$passwod."'");

 

database query: insert into login(uname,pass,status) values('user',md5('user'),'user')

[waynew]

It worked but there is a database problem.The convertion of md5() and sha1() in database is different from the one in php page thus there is no match.

 

example: in database the md5() convert the word 'user' to ee11cbb1 while the php page converts it to ee11cbb19052e40b07aac0ca060c23ee 

 

here are the codes

php codes: $passwod=md5($pass); $result=mysql_query("select * from login where uname='".$uname."' and pass='".$passwod."'");

 

database query: insert into login(uname,pass,status) values('user',md5('user'),'user')

 

sha1 and md5 are different from one another... if that's what you're talking about.

 

Use only one of them in your system to avoid confusion.

 

Secondly, make sure there are no length restrictions on your password column as this can essentially cut the password's length, which in turn makes it absolutely useless. Use a text column for it.

 

Thirdly, is $passwod not supposed to be $password?

 

This...

$result=mysql_query("select * from login where uname='".$uname."' and pass='".$passwod."'");

 

Can be done like so:

$result=mysql_query("select * from login where uname='$uname' and pass='$passwod'");

 

As it is inside " and not '

[waynew]

Also could you add:

 

$result=mysql_query("select * from login where uname='".$uname."' and pass='".$passwod."'") or die(mysql_error());

 

Because maybe there's an error and that's why the password isn't being approved.

[waynew]

My bad... your problem is definately the fact that you've put a length restriction on your password column. Take the length restriction off and use a text column instead and it should work.

[asherinho]

Thank you all.everything is fine now.keep up the good work