Northern Flame Posted August 26, 2007 Share Posted August 26, 2007 I am creating a membership program and in my database i have a table that stores the basic user info. When they login my script checks for username first, and then for the password. I want it to check for the encrypted password, but whenever I try that it displays my error message, "Invalid Password!". How do I have the unencrypted password match the encrypted password? Somewhere once I saw someone say to use "md5($pass)" but that didnt work. Any suggestions? Quote Link to comment Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 What did you use to encrypt the passowrd? If you used md5 (which by the way is a hash, not encryption) you would use something like... <?php $uname = trim($_POST['uname']); $upass = md5(trim($_POST['upass'])); $sql = "SELECT uname,upass FROM users WHERE uname = '$uname' && upass = '$upass'"; ?> Quote Link to comment Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 oh, well like i said i saw somewhere awhile back someone saying that md5() can encrypt it. and they also said that using and encrypted password is more secure, does it make a difference? Quote Link to comment Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 Of course an encrypted password is more secure. Quote Link to comment Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 then do you or anyone know how to encrypt the password that the user posts so that i can check it with the encrypted password in my database? and when a user registers, his password is entered into the database as a password, which automatically encrypts it, PASSWORD('password') Quote Link to comment Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 I'll ask again. What did you use to encrypt the password that is in the database? Quote Link to comment Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 yea sorry, i didnt see that before, but i modified my last post. Quote Link to comment Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 Read the mysql manual entry for the PASSWORD function. It is not to be used by client code, it is an internal mysql function. If all your passwords have already been encrypted via PASSWORD() you will have troubles in the future. MySql will not guarantee the algorithms used to create PASSWORDed passowrds will not change over time. Hence, do NOT use it. Use MD5. Then, follow the example I posted above to do your check. Quote Link to comment Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 alright thanks, and its a good thing you told me this before i went any further with this because if I were to already have users i would not have been able to fix this while keeping my users and all their info Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.