password() and now()

[karthikanov24]

hi

In the following code,what is the use of PASSWORD() and NOW() ?

 

$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
	          VALUES ('$userName',PASSWORD('$password'), NOW())";

 

thanks,

karthikanov24

[Alex]

PASSWORD() hashes $password and NOW() returns a UNIX timestamp.

[PFMaBiSmAd]

However, DON'T use the mysql password() function in your application -

 

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

 

The hash length used by the password() function has changed at least once, thereby breaking any application that was using it.

[karthikanov24]

hi

when does the hashes while using password() changes and

will the hashes change while using md5() ?

 

 

thanks

karthikanov24

[Alex]

MySQL PASSWORD(), may change, and it has in the past (Was previously 16 bytes, now it's 41). But MD5() is an encryption that won't change. Same goes for SHA1().

[gizmola]

Ok, so just to clarify, I agree with AlexWD's comment -- mysql themselves state that their internal encryption algorithm shouldn't be used to encrypt passwords. 

 

As for quibbling, md5 and sha1 are Hashes.  They are not encryption per se, because they can not be decrypted.  You give a hash an input, and it will create a hash, such that it is impossible to derive the original input given the hash.  They should also have the property that it should be impossible to guess what the hash value is.

 

Using PHP's mcrypt extension you can use heavy weight encryption/decryption if you want.  This is a topic that is endlessly debated, as some people will insist that you should use hashes and not encrypt/decrypt routines, as this will insure that even if your server is compromised, people will not be able to reverse the original passwords.

 

Using a hash for a pw is a pretty standard alternative, but if you are going to use it, it's a good idea to hash a string that is comprised of more than just the password itself.  For example, using the username + pw + "a salt" would be a lot better input.

 

i won't explain what a salt is, but you probably want to read up on the idea if you intend to implement your own hash based password routines.

[karthikanov24]

thanks to all!

[PFMaBiSmAd]

As to what now() is -

 

NOW()

 

Returns the current date and time as a value in 'YYYY-MM-DD HH:MM:SS' or YYYYMMDDHHMMSS.uuuuuu format, depending on whether the function is used in a string or numeric context. The value is expressed in the current time zone.

 

You can find all the answer to basic mysql questions in the documentation - http://dev.mysql.com/doc/refman/5.1/en/index.html

 

I personally recommend downloading the .chm version of the manual as both the Index and Search tabs in it make finding information extremely easy.