SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    France
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    using password(); then checking password. ?

    Hi folks,
    I'm trying to write authentication for sections of my site. I'm using Kevin's tutorial to help me understand. Thanks Kevin
    http://www.sitepoint.com/article/use...sessions-mysql

    I'm very new to all things mysql and php, so don't beat me to hard

    I'm using MYSQL 4.1.10-nt on WinXP... for the time being

    I have a problem with the password feild. So I have crashed out of php and I'm doing this on the command line in mysql. Same problem here is what I do.

    I have a table called user

    mysql> insert into user set
    ->userid = 'xxxx',
    ->password = password('xxxx');


    I then

    mysql> select * from user;

    which returns

    id userid password
    1 xxxx *1556A6F665359CE3

    OK - I think I'm looking good. I have added a user with a password using the password function to encrypt.

    Now I want to test for userid and password for authentication.

    mysql> select * from user where
    -> password = password('xxxx');


    This returns an empty set

    I think it's my 'where' statement that is the problem, but I cant find out why.

    Pretty stuck here folks; Any help would be appreciated

    Thanks.

    ps - I love this place

  2. #2
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry I can't see anything wrong with your syntax. I tried redoing most of what you have done and it worked fine (though I didn't match the table structure exactly it was close).

    **EDIT - I see you already answered this***
    So if you just go select * from user you can see the record in the table ?
    What if you try select * from user where userid='xxxx' ?

    I now think the problem might be that you made a mistake typing the original insert query.
    When I insert password('xxxx'); the hashed result is 5a62d73531da5605 which doesn't match what you have.

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    France
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cranial-bore
    Sorry I can't see anything wrong with your syntax. I tried redoing most of what you have done and it worked fine (though I didn't match the table structure exactly it was close).

    **EDIT - I see you already answered this***
    So if you just go select * from user you can see the record in the table ?
    What if you try select * from user where userid='xxxx' ?

    I now think the problem might be that you made a mistake typing the original insert query.
    When I insert password('xxxx'); the hashed result is 5a62d73531da5605 which doesn't match what you have.
    Hey - thanks.
    I got it.

    When setting up the database i created the password column like this...

    password char(16) not null.

    When I ran my query, the return value was 41 digits long, but the password in the db was clipped to 16. So I changed to

    password char(41) not null.

    That works

    I think 41 digits maybe a bit overlkill for what I'm trying to do, so to save some database space I think I will try to work out how to clip the userinput hashed value to 16.


    Thanks alot and g'day


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •