Jump to content

PHP MySQL password=PASSWORD('') Problem

eamartin

By eamartin
in MySQL Help

 Share

Recommended Posts

eamartin Newbie

eamartin

Posted
Posted

Hi,

 

I have a user administration page that I\'m having some problems with. I have an HTML form in my code, that is reused to add users and edit users. When I do an edit, the form loads the variables from the database, and everything is shown, except the password. My statement to update or insert into the database contains the following:

 

UPDATE user SET uname=\'$uname\',password=PASSWORD(\'$password\')...

 

The problem really comes from my values that are loaded when doing an edit. Since the password is entered into the database encrypted, when I pull the value from the database and auto-populate the form with it, it\'s the encrypted version. So if I don\'t also type in a new password in the edit screen, the old password is lost and I have to reset it anyway. To gather my edit values, I do something like this:

 

$sql = \"SELECT * FROM user WHERE user_id=$user_id\";

$result = mysql_query($sql);

$myrow = mysql_fetch_array($result);

$user_id = $myrow[\"user_id\"];

$uname = $myrow[\"uname\"];

$password = $myrow[\"password\"];

$email = $myrow[\"email\"];

$ulevel = $myrow[\"ulevel\"];

 

And then in my form, I echo the $password. I\'m thinking that if in the above section, I could some how integrate the password=PASSWORD(\'\') portion of the code, it would translate it back correctly, but I\'m not sure how to do it. Any ideas?

 

Thanks in advance for any and all help!

Link to comment
Share on other sites
gizmola Prolific Member

gizmola

Posted
Posted

I think your approach is a bit flawed. There is no value in you having the password on the form as an admin. The reason you encrypt the password is to secure it... even from yourself as an admin.

 

The only function you should reserve for yourself as an admin, is the ability to reset the password for the user manually. You should just have a function of your system that lets you supply a new password, and have that stored as the user\'s new password. I don\'t expect that this is something that should be needed very often, if you have adequate self-help functions allowing a user to set a new password for themselves, using some combination of their registered email, or password hints they provide when they set the account up.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.