Jump to content

[SOLVED] password () function trouble


Recommended Posts

I am using password () function in an out of mysql database, but I get a message that there is no match in the login.php for that user name and password combination, even though I know there should be. What is wrong here?

 

In my register.php I have:

$result = mysql_query ("INSERT INTO users (name, password, email, showemail)

 

VALUES ('".$user."',PASSWORD('".$pass."'), '".$email."', '".$showemail."')");

 

in my login.php I have:

 

dbConnect();

 

 

$result = mysql_query("SELECT * FROM users WHERE name = '".$user."'

AND password = PASSWORD('".$pass."')");

 

 

Link to comment
https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/
Share on other sites

Done that but no avail

login.php

dbConnect();

 

 

$result = mysql_query("SELECT * FROM users WHERE name = '$user'

AND password = PASSWORD('$pass')");

 

register.php

$result = mysql_query ("INSERT INTO users (name, password, email, showemail)

 

VALUES ('$user',PASSWORD('$pass'), '$email', '$showemail')");

The mysql PASSWORD() function is not intended to be used by your application code. The hash length that it uses has been changed at least once, breaking any application that was using it.

 

You would need to do a test by SELECT'ing both the value from the password column and what PASSWORD('".$pass."') returnes and see if they are the same.

 

If you have just written this application and don't yet have any real passwords stored, switch to the MD5() or SHA1() functions instead.

Still no luck with MD5 ()

login.php

dbConnect();

 

 

$result = mysql_query("SELECT * FROM users WHERE name = '$user'

AND password = MD5('$pass')") or error_reporting(e_ALL);

 

register.php

$result = mysql_query ("INSERT INTO users (name, password, email, showemail)

 

VALUES ('$user',MD5('$pass'), '$email', '$showemail')");

 

I've aready done that, I just  forgot to mention.

 

select * from users where password = MD5('dido')

 

I have registered a password dido with MD5() function into database, and when I look in phpMyAdmin it is there, but the response I get is:

MySQL returned an empty result set (i.e. zero rows).

when I look in phpMyAdmin it is there

In programming, it is not enough just to look and see that something is present, you must check that it is correct.

 

How about doing this part -

see if they are the same.

 

Until you find out why the two values are not matching on your server with your database, you will never solve this.

Try something like this:

 

register

$query = 'INSERT INTO users 
                (user_id, username, password)
           VALUES 
               (NULL, "' . mysql_real_escape_string($username, $conn) . '", ' . 
                'PASSWORD("' . mysql_real_escape_string($password, $conn) . '"))';
        $result = mysql_query($query, $conn) or die(mysql_error());

 

login

if (isset($_POST['submit'])) {
    $query = 'SELECT admin_level FROM users WHERE ' .
         'username = "' . mysql_real_escape_string($username, $conn) . '" AND ' .
         'password = PASSWORD("' . mysql_real_escape_string($password, $conn) . '")';
    $result = mysql_query($query, $conn) or die(mysql_error($conn));

I could select the value from the password column by typing this:

dbConnect();

 

$sql=mysql_query("select password from users where userID='11' ");

$result = mysql_fetch_assoc($sql);

echo $result['password'];

 

But I do not understand how to use a return to see what MD5('dido') puts into the database,

so I can check it if they are the same.

You could add it to the select:

$sql=mysql_query("select password, md5('dido') AS testpwd from users where userID='11' ");
$result = mysql_fetch_assoc($sql);
echo $result['password'] . '=?=' . $result['testpwd'];

If they don't matchup, you may want to check the datatype/length of the column in the table; did you use CHAR or VARCHAR?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.