SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    Fully Sweet Car noddy's Avatar
    Join Date
    Aug 2002
    Location
    Perth, Western Australia
    Posts
    759
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    why is this not encrypting the passwd

    I am using this SQL statement

    Code:
     SELECT user_id, user_username, user_passwd FROM users WHERE user_username = '$_POST[user_username]' AND user_passwd = PASSWORD($_POST[user_passwd])
    it is surposed to compare the entered user_username & the entered user_passwd (after encrypting it) then if they match pass and start the users session in my script

    but it isnt encrypting the passwd or something coz I havent got it to match yet.

    here is the full script

    PHP Code:
    <?
        session_start
    ();
        
        if (
    $_POST[user_username] && $_POST[user_passwd]) {
            
    // if a user has tried to log in
            
            // load the database info
            
    require ("inc/db.php");
            
            
    // connect to the database
            
    dbConnect();
            
            
    $query "SELECT user_id, user_username, user_passwd FROM users WHERE user_username = '$_POST[user_username]' AND user_passwd = PASSWORD($_POST[user_passwd])";
            
    $result mysql_query($query);
            if (
    mysql_num_rows($result) >0) {
                
    //if they are in the database register the user_id
                
    $user_username $_POST[user_username];
                
    session_register("user_username");
            }
        }
    ?>
    <html>
    <head>
    <title>Login User</title>
    <link href="css/MainStyle.css" rel="Stylesheet" type="text/css" title="MainStyle">
    <link href="css/link.css" rel="Stylesheet" type="text/css" title="Link">
    </head>
    <body>
    <? echo "$query"?>
    <?
        
    if (session_is_registered("user_username")) {
            echo 
    "You are logged in as: $user_username<br />";
            echo 
    "<a href=""\"logout.php\">Log out</a><br />";
        } else {
            if (isset(
    $user_username)) {
                
    // if they've tried and failed to login
                
    echo "Could not log you in";
            } else {
                
    // they have not tried to log in yet or have logged out
                
    echo "You are not logged in.<br>";
            }
            
            
    // provide form to log in
            
    echo "
            <form method=post action=\"login.php\">
            <table>
            <tr><td>Username:</td>
            <td><input type=text name=user_username maxlength=20></td></tr>
            <tr><td>Password:</td>
            <td><input type=password name=user_passwd maxlength=15></td></tr>
            <tr><td colspan=2 align=center><input type=submit name=submit value=Login> <input type=reset name=Reset value=Reset></td></tr>
            </table>
      </form>"
    ;
        }
    ?>
    <br>
    <? include "inc/footer.php" ?>
    </body>
    </html>
    thanks in advance for any help

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,220
    Mentioned
    58 Post(s)
    Tagged
    3 Thread(s)
    the mysql docs say "The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead."
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    Fully Sweet Car noddy's Avatar
    Join Date
    Aug 2002
    Location
    Perth, Western Australia
    Posts
    759
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by r937
    the mysql docs say "The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead."
    Ok I can change it put thats what they use in the php docs and scripts i read so is that the reason its not working for me though?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •