Operating System - Linux
1748265 Members
4021 Online
108760 Solutions
New Discussion юеВ

Re: PHP & MySQL related query

 
SOLVED
Go to solution
kcpant
Trusted Contributor

PHP & MySQL related query

Hi friends,

Not sure I'm putting my query inside proper category.This is related to password() function of MySQL and md5() function of PHP. I'm wondering that the result (encryption) produced by both command options is same or different. I want to make login procedure secure into my webpage, and using password() option to encrypt passwords into mysql databse. also I MD5ed the password entered by user at login.php by md5() option. but when I'm making a match expression (if password of php == password of database), i found i'm not able to login, which means both are not matching. It works fine if I enter text password in database and accept plain-text password from login.php. It shows that the encryption made by both commands are different, that's why the match exp. not resulting true.

Also, I'm getting an error display "cannot jump to row 0..." on login page. I know it is because of mysql_result() function, but I don't want it to be displayed on my login page.
I'm attaching the simple login.php script for your review.

thanks in advance

PreSales Specialist
9 REPLIES 9
Sergejs Svitnevs
Honored Contributor

Re: PHP & MySQL related query

Hi,

Why do you use password function in mysql?
The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() instead.

Regards,
Sergejs
Stuart Browne
Honored Contributor

Re: PHP & MySQL related query

The encryption used by MySQL's 'password()' function is very different from the 'md5()' based encryptions.

You either use PHP's md5 functions, and store the md5 string (as plain-text) in the MySQL database, or you just use MySQL's password() function.

One, or the other.
One long-haired git at your service...
Karsten Breivik_1
Frequent Advisor

Re: PHP & MySQL related query

Also, remember that there is a difference in the password function btw versions 3.2 and 4.0 (Esp the length of the encrypted string is different). Make sure you use the 4.0 correct MYSQL client library on the application side of your system - I guess this would be in apache.





poi
kcpant
Trusted Contributor

Re: PHP & MySQL related query

Hi Friends,

Thanks for the help provided by you all, but I'm sorry I think I was not able to explain the problem to you properly. Let me do it again:

scenario is : I'm using Mysql database to store username, password and group into a table. password is encrypted inside the table by using passoword('actual password entered by user') function at the time of inserting data. Now, I want to use a php login page on my website to authenticate user matching mysql data. I'm using php's md5() function to encrypt password entered by user on login.php form, and then I'm matching it against mysql's password. I found they are not getting matched, I understood ( as SB explained) that it is because of different type of encryption by md5() & password().

Now, as SB suggested to use either password() or md5(), I'm not able to understand if I use encryption on only one end ( either in database or in login.php form), how could they match and return true? please guide me to understand this...

thanks in advance, and please also let me know the solution for the error display as explained in first post.
PreSales Specialist
Karsten Breivik_1
Frequent Advisor

Re: PHP & MySQL related query

Not entierly sure if this is what you are looking for, but with mySql version 4.1, MySQL ODBC 3.51 Driver users must use a password coded 'old-style'.
To accomplish this, update users with the following SQL:

mysql> USE mysql;
mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('newPassword') WHERE Host = 'someHost' AND User = 'someUser';
mysql> FLUSH PRIVILEGES;
poi
Stuart Browne
Honored Contributor
Solution

Re: PHP & MySQL related query

MySQL entry:

insert into usertable (user, group, password) values ('userone', 'group1', password('actualpasswordenteredbyuser'));

Pretty standard, you'll have

Login.php:

select user, group, password from usertable where user = 'userone' and password = password('passwordfromlogin.php');

Basically, you get MySQL to do the password matching. If you get a record back, then you've successfully entered the password. If you don't get any records back, then they made a boo-boo.
One long-haired git at your service...
renarios
Trusted Contributor

Re: PHP & MySQL related query

Hi,

In the /etc/httpd/conf.d/auth_mysql.conf there are a few comment lines how to manage your issue. Look in that file and find your answers.

Hope that helps,

Renarios
Nothing is more successfull as failure
David Logan_2
New Member

Re: PHP & MySQL related query

Hi,

I presume that you are having a problem getting the password into the database in a valid format in the first place. Why not, when you insert the userid/password into the database, use the MD5 function in MYSQL?

eg. INSERT into table SET password=MD5('string');

Regards
If in trouble, or in doubt, run in circles, scream and shout
kcpant
Trusted Contributor

Re: PHP & MySQL related query

Closing threads open from a long time....
PreSales Specialist