Jump to content

Recommended Posts

I have set up a website for a friend on my own web space. All works fine as he has an admin control panel where he can log in and change what ever he likes. When a user is created for this admin CP, the password is set into the MySQL database using

user_password = PASSWORD('$password')

 

This works fine and encrypts it as expected and I am able to login using the password as normal

 

I have now set up his own webspace and exported his database and files to it. Now when I try to login on his new site it does not recognise the password string. Why?

 

All the coding is fine as I have tried changing the password in the database to an unencrypted one and changed the login feature and took the PASSWORD() function away and it works. So it is just that PASSWORD() is not recognising the string that was set on the old site.

Link to comment
https://forums.phpfreaks.com/topic/266700-password-encryption/
Share on other sites

I thought it may have been because of the MySQL version so I ran a MySQL query on the new site with the following: (Username: admin, Password: admin)

$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
	          VALUES ('$userName', PASSWORD('$password'), '$config_datetime')";

This returned the password string in the database as: *2470C0C06DEE42FD1618BB99005ADCA

 

Then in the login function it runs the following (and returns "Wrong Username or Password"):

	if ($userName == '') {
	$errorMessage = 'You must enter your username';
} else if ($password == '') {
	$errorMessage = 'You must enter the password';
} else {
	// check the database and see if the username and password combo do match
	$sql = "SELECT user_id
	        FROM tbl_user 
			WHERE user_name = '$userName' AND user_password = PASSWORD('$password')";
	$result = dbQuery($sql);

	if (dbNumRows($result) == 1) {
		$row = dbFetchAssoc($result);
		$_SESSION['plaincart_user_id'] = $row['user_id'];

		// log the time when the user last login
		$sql = "UPDATE tbl_user 
		        SET user_last_login = '$config_datetime' 
				WHERE user_id = '{$row['user_id']}'";
		dbQuery($sql);

		// now that the user is verified we move on to the next page
                        // if the user had been in the admin pages before we move to
		// the last page visited
		if (isset($_SESSION['login_return_url'])) {
			header('Location: ' . $_SESSION['login_return_url']);
			exit;
		} else {
			header('Location: index.php');
			exit;
		}
	} else {
		$errorMessage = 'Wrong username or password';
	}		

}

return $errorMessage;
}

 

Im completely confused. If i remove the user_password = PASSWORD('$password') and put the password string from the top of the post in to the Password box then it works fine. So it seams that it is just that the PASSWORD() function is giving the same result on both queries...

Link to comment
https://forums.phpfreaks.com/topic/266700-password-encryption/#findComment-1366927
Share on other sites

I have solved it. The new mysql version used a longer encryption. The password field I was using before was limited to VARCHAR 32 where the new password string was 41 chars long. So i changed it to VARCHAR 50 just in case and it works fine.

 

I also replaced all PASSWORD() functions with SHA1() as I have researched and found that it is a strong encryption.

 

Hope this helps anyone.

Link to comment
https://forums.phpfreaks.com/topic/266700-password-encryption/#findComment-1366931
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.