Why is password query different from username query?


programguru

I am writing a script, and learning as I go along, but I was looking at some examples, and I wanted to know why the password is queried the way it is below - notice it is different than the username query. Here is the code (any ideas?):

[code]$result = mysql_query("select * from writers
                            where username='$username'
                            and password = password('$password')"); [/code]

I assume password is a function, but unsure?

From the MySQL manual.
[quote]
PASSWORD(str)

Calculates and returns a password string from the plaintext password str and returns a binary string, or NULL if the argument was NULL. This is the function that is used for encrypting MySQL passwords for storage in the Password column of the user grant table.

mysql> SELECT PASSWORD('badpwd');
-> '*AAB3E285149C0135D51A520E1940DD3263DC008C'

PASSWORD() encryption is one-way (not reversible).

PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT().

Note: The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your applications.
[/quote]
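The manual note quoted above says PASSWORD() is not meant for application passwords. As an added example that is not part of the original posts, the same `writers` lookup is shown below with a bound parameter instead of string interpolation, and with the hash computed in PHP by password_hash()/password_verify(), a choice made here rather than one the excerpt names. The in-memory SQLite database (via PDO), the function names and the sample account are assumptions made for the example.

```php
<?php
// Added example: a constructed in-memory table standing in for the thread's `writers` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE writers (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Store a salted, deliberately slow hash computed in PHP,
// not the output of a SQL-side hash function.
function add_writer(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO writers (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Look the row up by username only, passing the value as a bound parameter,
// then compare the submitted password with the stored hash in PHP.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM writers WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such user
    }
    return password_verify($password, $hash);
}

add_writer($db, 'bob', 'correct horse'); // constructed sample account

// Valid credentials, then a wrong password.
var_dump(check_login($db, 'bob', 'correct horse'));
var_dump(check_login($db, 'bob', 'wrong'));

// A username containing a quote would break the interpolated query in the
// thread; with a bound parameter it is just data that matches no row.
var_dump(check_login($db, "o'brien", 'anything'));
```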

Thanks Thorpe,

So basically, this just encrypts the password so it was not easily traced in a MySQL db. Meaning if I had the db, and queried the password field, I would see binary numbers only?

ALSO, had another question re the same page I am creating. I have coded this based off some examples I have put together. I have also commented to show you my understanding of each function etc. If you could briefly explain if I am right or wrong, just trying to really nail these concepts.

[code]

{
    global $HTTP_SESSION_VARS;
       // this checks if there is an existing session globally, and carries the parameters over

    if (isset($HTTP_SESSION_VARS['auth_user']))
       // if  the variable is set, check the global $HTTP_SESSION_VARS; for (actually Im not sure where       "auth_user" came from?)

        return true;
    else
        return false;
}    

[/code]

The [i]global[/i] keyword makes the variable $HTTP_SESSION_VARS available globally; it does not check to see if it exists. Why are you using $HTTP_SESSION_VARS anyway? You should (unless you're using some archaic version) use the $_SESSION superglobal.

As for the other bit.... If you're not sure where [i]auth_user[/i] came from, you're really missing the concepts. Sorry, but....

Maybe you need to do some tutorials on sessions?

[quote]Maybe you need to do some tutorials on sessions?[/quote]

I could not agree more. I have 4 PHP books, and PHP.NET, PHP.FREAKS, etc etc, and have read so much, but I think I am lacking the full basics. I know there are some tutorials on here. If you know of any good ones on sessions, please let me know.

Anyways, in regards to: [code]if (isset($HTTP_SESSION_VARS['auth_user']))[/code]

I can't find a straight answer anywhere. If you know what it means, please give any insight.



Well, I wouldn't use $HTTP_SESSION_VARS for starters. Let's use the $_SESSION array. Yes, it's an array, just like any other. So, [i]auth_user[/i] is an array index or key just like any other. e.g.
[code]
$myarray = array();
$myarray['name'] = 'bob';
[/code]
Here you have an array ([i]$myarray[/i]). I can print the name value by using...
[code]
echo $myarray['name'];
[/code]
Sessions are basically the same, except the array is already created, and is global. To use it, first you need to check if a session already exists, and if not create one. This is what [i]session_start()[/i] does. Then it's just a matter of storing whatever you like in the $_SESSION array. e.g.
[code]
session_start();
$_SESSION['name'] = 'bob';
echo $_SESSION['name'];
[/code]
Really, it's pretty simple. The $_SESSION array is just like any other, though it's global.
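As an added example that is not part of the original posts: the sketch below shows where a key such as auth_user comes from (it is stored at login) and how the check asked about in the thread reads it back through $_SESSION. The function names and the sample username are assumptions; run it from the PHP command line or at the top of a page, before any output is sent.

```php
<?php
// Added example: the life cycle of $_SESSION['auth_user'].

// Call once, after the username/password check has succeeded.
function log_in(string $username): void
{
    session_regenerate_id(true);        // give the authenticated session a fresh ID
    $_SESSION['auth_user'] = $username; // this is the key the check below looks for
}

// The check from the thread, written against $_SESSION.
function check_auth_user(): bool
{
    return isset($_SESSION['auth_user']);
}

// Forget the user and discard the stored session data.
function log_out(): void
{
    $_SESSION = [];
    session_destroy();
}

session_start(); // must run before any output is sent

// Collect the results first and print at the end, so that nothing is
// output before the session functions have finished their work.
$results = [];
$results['before login'] = check_auth_user();
log_in('bob'); // constructed username
$results['after login'] = check_auth_user();
log_out();
$results['after logout'] = check_auth_user();

var_dump($results);
```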
