Not sure I'm putting my query inside proper category.This is related to password() function of MySQL and md5() function of PHP. I'm wondering that the result (encryption) produced by both command options is same or different. I want to make login procedure secure into my webpage, and using password() option to encrypt passwords into mysql databse. also I MD5ed the password entered by user at login.php by md5() option. but when I'm making a match expression (if password of php == password of database), i found i'm not able to login, which means both are not matching. It works fine if I enter text password in database and accept plain-text password from login.php. It shows that the encryption made by both commands are different, that's why the match exp. not resulting true.
Also, I'm getting an error display "cannot jump to row 0..." on login page. I know it is because of mysql_result() function, but I don't want it to be displayed on my login page. I'm attaching the simple login.php script for your review.
Why do you use password function in mysql? The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() instead.
Also, remember that there is a difference in the password function btw versions 3.2 and 4.0 (Esp the length of the encrypted string is different). Make sure you use the 4.0 correct MYSQL client library on the application side of your system - I guess this would be in apache.
Thanks for the help provided by you all, but I'm sorry I think I was not able to explain the problem to you properly. Let me do it again:
scenario is : I'm using Mysql database to store username, password and group into a table. password is encrypted inside the table by using passoword('actual password entered by user') function at the time of inserting data. Now, I want to use a php login page on my website to authenticate user matching mysql data. I'm using php's md5() function to encrypt password entered by user on login.php form, and then I'm matching it against mysql's password. I found they are not getting matched, I understood ( as SB explained) that it is because of different type of encryption by md5() & password().
Now, as SB suggested to use either password() or md5(), I'm not able to understand if I use encryption on only one end ( either in database or in login.php form), how could they match and return true? please guide me to understand this...
thanks in advance, and please also let me know the solution for the error display as explained in first post.
Not entierly sure if this is what you are looking for, but with mySql version 4.1, MySQL ODBC 3.51 Driver users must use a password coded 'old-style'. To accomplish this, update users with the following SQL:
mysql> USE mysql; mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('newPassword') WHERE Host = 'someHost' AND User = 'someUser'; mysql> FLUSH PRIVILEGES;
insert into usertable (user, group, password) values ('userone', 'group1', password('actualpasswordenteredbyuser'));
Pretty standard, you'll have
Login.php:
select user, group, password from usertable where user = 'userone' and password = password('passwordfromlogin.php');
Basically, you get MySQL to do the password matching. If you get a record back, then you've successfully entered the password. If you don't get any records back, then they made a boo-boo.
I presume that you are having a problem getting the password into the database in a valid format in the first place. Why not, when you insert the userid/password into the database, use the MD5 function in MYSQL?
eg. INSERT into table SET password=MD5('string');
Regards
If in trouble, or in doubt, run in circles, scream and shout
