Northern Flame Posted August 26, 2007 Share Posted August 26, 2007 I am creating a membership program and in my database i have a table that stores the basic user info. When they login my script checks for username first, and then for the password. I want it to check for the encrypted password, but whenever I try that it displays my error message, "Invalid Password!". How do I have the unencrypted password match the encrypted password? Somewhere once I saw someone say to use "md5($pass)" but that didnt work. Any suggestions? Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/ Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 What did you use to encrypt the passowrd? If you used md5 (which by the way is a hash, not encryption) you would use something like... <?php $uname = trim($_POST['uname']); $upass = md5(trim($_POST['upass'])); $sql = "SELECT uname,upass FROM users WHERE uname = '$uname' && upass = '$upass'"; ?> Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334343 Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 oh, well like i said i saw somewhere awhile back someone saying that md5() can encrypt it. and they also said that using and encrypted password is more secure, does it make a difference? Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334344 Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 Of course an encrypted password is more secure. Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334345 Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 then do you or anyone know how to encrypt the password that the user posts so that i can check it with the encrypted password in my database? and when a user registers, his password is entered into the database as a password, which automatically encrypts it, PASSWORD('password') Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334347 Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 I'll ask again. What did you use to encrypt the password that is in the database? Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334352 Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 yea sorry, i didnt see that before, but i modified my last post. Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334353 Share on other sites More sharing options...
trq Posted August 26, 2007 Share Posted August 26, 2007 Read the mysql manual entry for the PASSWORD function. It is not to be used by client code, it is an internal mysql function. If all your passwords have already been encrypted via PASSWORD() you will have troubles in the future. MySql will not guarantee the algorithms used to create PASSWORDed passowrds will not change over time. Hence, do NOT use it. Use MD5. Then, follow the example I posted above to do your check. Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334356 Share on other sites More sharing options...
Northern Flame Posted August 26, 2007 Author Share Posted August 26, 2007 alright thanks, and its a good thing you told me this before i went any further with this because if I were to already have users i would not have been able to fix this while keeping my users and all their info Link to comment https://forums.phpfreaks.com/topic/66726-solved-checking-my-encrypted-password/#findComment-334358 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.