eamartin

PHP MySQL password=PASSWORD('') Problem

Hi,

 

I have a user administration page that I'm having some problems with. I have an HTML form in my code, that is reused to add users and edit users. When I do an edit, the form loads the variables from the database, and everything is shown, except the password. My statement to update or insert into the database contains the following:

 

UPDATE user SET uname='$uname',password=PASSWORD('$password')...

 

The problem really comes from my values that are loaded when doing an edit. Since the password is entered into the database encrypted, when I pull the value from the database and auto-populate the form with it, it's the encrypted version. So if I don't also type in a new password in the edit screen, the old password is lost and I have to reset it anyway. To gather my edit values, I do something like this:

 

$sql = "SELECT * FROM user WHERE user_id=$user_id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
$user_id = $myrow["user_id"];
$uname = $myrow["uname"];
$password = $myrow["password"];
$email = $myrow["email"];
$ulevel = $myrow["ulevel"];

 

And then in my form, I echo the $password. I'm thinking that if in the above section, I could somehow integrate the password=PASSWORD('') portion of the code, it would translate it back correctly, but I'm not sure how to do it. Any ideas?

 

Thanks in advance for any and all help!


I think your approach is a bit flawed. There is no value in you having the password on the form as an admin. The reason you encrypt the password is to secure it... even from yourself as an admin.

 

The only function you should reserve for yourself as an admin, is the ability to reset the password for the user manually. You should just have a function of your system that lets you supply a new password, and have that stored as the user's new password. I don't expect that this is something that should be needed very often, if you have adequate self-help functions allowing a user to set a new password for themselves, using some combination of their registered email, or password hints they provide when they set the account up.
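
An added example, not part of either post above: one way to implement the reset-only handling the reply describes, where the edit form never shows the stored password and a blank password field leaves the stored hash untouched. It uses PHP's password_hash() in place of MySQL's PASSWORD() (removed in MySQL 8.0) and prepared statements in place of interpolated SQL; the function names, the in-memory SQLite database and the sample row are assumptions made for the example.

```php
<?php
// Added example: table and column names follow the question; the function
// names, SQLite in-memory database and sample row are constructed.

function update_user(PDO $db, int $userId, string $uname, string $email,
                     int $ulevel, string $newPassword = ''): void
{
    $set    = ['uname = :uname', 'email = :email', 'ulevel = :ulevel'];
    $params = [':uname' => $uname, ':email' => $email,
               ':ulevel' => $ulevel, ':id' => $userId];

    // Touch the password column only when the admin typed a new password.
    // A blank field means "keep the stored hash", so nothing is lost on edit.
    if ($newPassword !== '') {
        $set[] = 'password = :hash';
        $params[':hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    }

    $sql = 'UPDATE user SET ' . implode(', ', $set) . ' WHERE user_id = :id';
    $db->prepare($sql)->execute($params);
}

function stored_hash(PDO $db, int $userId): string
{
    $stmt = $db->prepare('SELECT password FROM user WHERE user_id = ?');
    $stmt->execute([$userId]);
    return (string) $stmt->fetchColumn();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, uname TEXT,
           password TEXT, email TEXT, ulevel INTEGER)');
$db->prepare('INSERT INTO user VALUES (1, ?, ?, ?, 1)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT),
              'alice@example.test']);

// Edit without a new password: the stored hash must be unchanged.
$before = stored_hash($db, 1);
update_user($db, 1, 'alice', 'alice@new.example.test', 2);
var_dump(stored_hash($db, 1) === $before);

// Admin reset: the new password verifies, the old one no longer does.
update_user($db, 1, 'alice', 'alice@new.example.test', 2, 'new-secret');
var_dump(password_verify('new-secret', stored_hash($db, 1)));
var_dump(password_verify('old-secret', stored_hash($db, 1)));
```

The edit form for this handler renders the password input empty and never selects the password column when loading a user for editing.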
