zoran Posted September 22, 2009 Share Posted September 22, 2009 I am using password () function in an out of mysql database, but I get a message that there is no match in the login.php for that user name and password combination, even though I know there should be. What is wrong here? In my register.php I have: $result = mysql_query ("INSERT INTO users (name, password, email, showemail) VALUES ('".$user."',PASSWORD('".$pass."'), '".$email."', '".$showemail."')"); in my login.php I have: dbConnect(); $result = mysql_query("SELECT * FROM users WHERE name = '".$user."' AND password = PASSWORD('".$pass."')"); Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/ Share on other sites More sharing options...
mikesta707 Posted September 22, 2009 Share Posted September 22, 2009 try putting single quotes around the values Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923123 Share on other sites More sharing options...
zoran Posted September 22, 2009 Author Share Posted September 22, 2009 Done that but no avail login.php dbConnect(); $result = mysql_query("SELECT * FROM users WHERE name = '$user' AND password = PASSWORD('$pass')"); register.php $result = mysql_query ("INSERT INTO users (name, password, email, showemail) VALUES ('$user',PASSWORD('$pass'), '$email', '$showemail')"); Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923128 Share on other sites More sharing options...
PFMaBiSmAd Posted September 22, 2009 Share Posted September 22, 2009 The mysql PASSWORD() function is not intended to be used by your application code. The hash length that it uses has been changed at least once, breaking any application that was using it. You would need to do a test by SELECT'ing both the value from the password column and what PASSWORD('".$pass."') returnes and see if they are the same. If you have just written this application and don't yet have any real passwords stored, switch to the MD5() or SHA1() functions instead. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923141 Share on other sites More sharing options...
zoran Posted September 23, 2009 Author Share Posted September 23, 2009 Still no luck with MD5 () login.php dbConnect(); $result = mysql_query("SELECT * FROM users WHERE name = '$user' AND password = MD5('$pass')") or error_reporting(e_ALL); register.php $result = mysql_query ("INSERT INTO users (name, password, email, showemail) VALUES ('$user',MD5('$pass'), '$email', '$showemail')"); Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923617 Share on other sites More sharing options...
PFMaBiSmAd Posted September 23, 2009 Share Posted September 23, 2009 Do some troubleshooting, you were already told how - You would need to do a test by SELECT'ing both the value from the password column and what PASSWORD('".$pass."') returns and see if they are the same. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923632 Share on other sites More sharing options...
zoran Posted September 23, 2009 Author Share Posted September 23, 2009 I've aready done that, I just forgot to mention. select * from users where password = MD5('dido') I have registered a password dido with MD5() function into database, and when I look in phpMyAdmin it is there, but the response I get is: MySQL returned an empty result set (i.e. zero rows). Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923663 Share on other sites More sharing options...
PFMaBiSmAd Posted September 23, 2009 Share Posted September 23, 2009 when I look in phpMyAdmin it is there In programming, it is not enough just to look and see that something is present, you must check that it is correct. How about doing this part - see if they are the same. Until you find out why the two values are not matching on your server with your database, you will never solve this. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923700 Share on other sites More sharing options...
zoran Posted September 23, 2009 Author Share Posted September 23, 2009 How to check if those to values are the same, my friend? Can you give me a piece of code, because I dont know how to check it. All I got so far is the error message from the server. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923708 Share on other sites More sharing options...
herghost Posted September 23, 2009 Share Posted September 23, 2009 Try something like this: register $query = 'INSERT INTO users (user_id, username, password) VALUES (NULL, "' . mysql_real_escape_string($username, $conn) . '", ' . 'PASSWORD("' . mysql_real_escape_string($password, $conn) . '"))'; $result = mysql_query($query, $conn) or die(mysql_error()); login if (isset($_POST['submit'])) { $query = 'SELECT admin_level FROM users WHERE ' . 'username = "' . mysql_real_escape_string($username, $conn) . '" AND ' . 'password = PASSWORD("' . mysql_real_escape_string($password, $conn) . '")'; $result = mysql_query($query, $conn) or die(mysql_error($conn)); Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923719 Share on other sites More sharing options...
PFMaBiSmAd Posted September 23, 2009 Share Posted September 23, 2009 You would need to do a test by SELECT'ing both the value from the password column and what PASSWORD('".$pass."') MD5('dido') returns and see if they are the same. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-923720 Share on other sites More sharing options...
zoran Posted September 25, 2009 Author Share Posted September 25, 2009 I could select the value from the password column by typing this: dbConnect(); $sql=mysql_query("select password from users where userID='11' "); $result = mysql_fetch_assoc($sql); echo $result['password']; But I do not understand how to use a return to see what MD5('dido') puts into the database, so I can check it if they are the same. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-924996 Share on other sites More sharing options...
DavidAM Posted September 25, 2009 Share Posted September 25, 2009 You could add it to the select: $sql=mysql_query("select password, md5('dido') AS testpwd from users where userID='11' "); $result = mysql_fetch_assoc($sql); echo $result['password'] . '=?=' . $result['testpwd']; If they don't matchup, you may want to check the datatype/length of the column in the table; did you use CHAR or VARCHAR? Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925001 Share on other sites More sharing options...
zoran Posted September 25, 2009 Author Share Posted September 25, 2009 I got this: 6b9cfb08bdab57dea1af68c60ed19c=?=6b9cfb08bdab57dea1af68c60ed19c61 so there is a match, but I can not login. I used Varchar in the password column. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925005 Share on other sites More sharing options...
Alex Posted September 25, 2009 Share Posted September 25, 2009 I got this: 6b9cfb08bdab57dea1af68c60ed19c=?=6b9cfb08bdab57dea1af68c60ed19c61 so there is a match, but I can not login. I used Varchar in the password column. That's not a match. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925006 Share on other sites More sharing options...
zoran Posted September 25, 2009 Author Share Posted September 25, 2009 sorry , there is not a match. I'll have another look at the Varchar length. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925007 Share on other sites More sharing options...
zoran Posted September 25, 2009 Author Share Posted September 25, 2009 sorry, I'll have another look at the Varchar lenght Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925008 Share on other sites More sharing options...
zoran Posted September 25, 2009 Author Share Posted September 25, 2009 sorry, I'll have another look at the Varchar lenght Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925009 Share on other sites More sharing options...
zoran Posted September 25, 2009 Author Share Posted September 25, 2009 I have changed Varchar length in my password column from varchar(30) to varchar(90), and when I did the test again , got the same diference in values: 6b9cfb08bdab57dea1af68c60ed19c=?=6b9cfb08bdab57dea1af68c60ed19c61 Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925021 Share on other sites More sharing options...
DavidAM Posted September 25, 2009 Share Posted September 25, 2009 You will have to re-INSERT the row into the database. The value as truncated when you originally created it. Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925023 Share on other sites More sharing options...
zoran Posted September 25, 2009 Author Share Posted September 25, 2009 No, it is working now varchar(90) solved it. Thanks all Quote Link to comment https://forums.phpfreaks.com/topic/175154-solved-password-function-trouble/#findComment-925026 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.