
MYSQL Password ??

hello!
Reading a tutorial I found a query using Password for inserting a user’s input into a database.
I implemented it and tested it, the resulting string in the database is nothing like the one I inputted, which is logical since (from what I’ve read) password is an encrypting function.
But when I want to authenticate a user how then should I make the query?
Do I still have to use Password to encrypt the input and then compare??

thanks!

[code=php]
// For the time being I'm using this query to insert data
$query = "INSERT INTO Usuarios (Nick, Nombre, apellido1, apellido2, email, password) VALUES ('$_nick', '$_name', '$_ape1', '$_ape2', '$_mail', PASSWORD('$_pass'))";
[/code]

@chazzy Dec 09.2005 — it's one way encrypted.

try this:
[code=php]
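// escape the form input before it goes into the SQL string (needs an open connection)
$pass = mysql_real_escape_string($_POST['password']);
$user = mysql_real_escape_string($_POST['username']);
// the Nick value has to be quoted, just like the password
$query = "SELECT Nick from Usuarios where Nick = '".$user."' and password = PASSWORD('".$pass."');";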
[/code]


hope that helps
@purefan (author) Dec 09.2005 — I'm sorry but I have a truly basic question...

I've never quite understood how to check if a user exists and [sigh...] well I have to ask.

I understand that in the query you posted just above I'm selecting the rows where Nick and $user are the same and also the password is the same as the encrypted one in the db.

but if I want to simply check if a user exists then I'm lost, I had been checking through all of the database until it found a matching username and then comparing the passwords, however I'm not sure this is the best way.

This following code prompts an error:
[code=php]
// there is a variable $existe which is set to true when the user and password match those in the database
$query = "SELECT nickname, password FROM Usuarios";
$result = mysql_query($query);
$existe = false;
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
    if($_nick==$row["Nick"] && $_pass == $row["password"]){$existe=true;}

}//while

if($existe==true){
    //They exist and they matched
    $_SESSION['nick'] = $_nick;
    echo "Ok its all good";
    //header('Location: AgregarTorneo.php');
    exit;
}//if match usuario and pass
else {
    header('Location: inicio.php?mensaje=1');
}
[/code]


[quote]
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/purefanx/public_html/ajedrez/graph/autenticar.php on line 16
[/quote]

that line is: while($row = mysql_fetch_array($result, MYSQL_ASSOC))

Be critical and tell me all I've done wrong, I want to improve as a web developer and all your comments will surely help me.

Thanks for your time
@chazzy Dec 09.2005 — my code tells you if the username and password exist in the database.

if you want to check that a user exists the query is just
[code]
SELECT `Nick` from `Usuarios` where `Nick`='$nick';
[/code]


you need to connect to the database before you start issuing queries. I would guess that's why you're getting an invalid resource error.

It is [b]extremely[/b] slow to get all the data from the database and then check each row in the application. learn where conditions. maybe this site can help you. http://www.databasejournal.com/ it's another owned by these people.

as for getting the results in the array, i typically use queries more like
select col1, col2 from table [and then any extra conditions]
and use (at least in php) $row=mysql_fetch_array($result,MYSQL_NUM). it's a little faster and i always know that col1 is now $row[0] and col2 is $row[1].

you should note, however, that checking a user exists should only happen when registering a new user (and sometimes it's better to let the db handle it) and checking username/password are correct for a certain user is part of authentication.
@NogDog Dec 09.2005 — Here's a trimmed down version:
[code=php]
// check for match in database on nickname and password
// IMPORTANT, you MUST back-quote the column name password since it
// is a reserved word in MySQL
$query = "SELECT nickname, `password` FROM Usuarios ".
         "WHERE nickname='$_nick' AND `password`=PASSWORD('$_pass')";
// added die() to output some debug info if query fails
$result = @mysql_query($query) or die("Query Failed: $query - " . mysql_error());
// if exactly one match is found, we're good to go
if(mysql_num_rows($result) == 1)
{
    $_SESSION['nick'] = $_nick;
    echo "Ok its all good";
    //header('Location: AgregarTorneo.php');
    exit;
}
else // no unique match found, so handle error here
{
    header('Location: inicio.php?mensaje=1');
}
[/code]
@purefan (author) Dec 09.2005 — Thank you guys!

you've certainly cleared my questions clean!

right now I'm in class but asaic I will try it, so far it looks just what I've been trying to understand
@juicemousezero Dec 09.2005 — Maybe like this?

Put this at the top...

[code=php]<?
//form isn't submitted yet
if (!isset($_POST['submit']))
{
?>[/code]


This in the center...
[CODE]
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">

Name: <input type="text" size="40" name="name"><br>
Password: <input type="password" size="40" name="password"><br>
<br>
<input type="Submit" value="Submit" name="submit">
</form>
[/CODE]


And this last...
[code=php]
//executes when the form is submitted
}
else
{

    // database credentials, kept apart from the submitted form values
    $dbuser="dbname";
    $dbpass="dbpass";
    $database="db";

    // connect first: mysql_real_escape_string() needs an open connection
    mysql_connect('localhost',$dbuser,$dbpass) or die("Unable to connect to the server");
    @mysql_select_db($database) or die("Unable to connect to $database!!!");

    $name = empty($_POST['name']) ? die ("Enter a name") : mysql_real_escape_string($_POST['name']);

    $pass = empty($_POST['password']) ? die ("Enter a password") : mysql_real_escape_string($_POST['password']);

    // build the query from the escaped form values
    $query = "SELECT nickname, password FROM Usuarios WHERE nickname='$name' AND password=PASSWORD('$pass')";

    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

mysql_close();
}
?>

[/code]
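
The registration and login checks discussed in this thread, as an added example that is not code from any of the posters: it uses PDO prepared statements so form input is never concatenated into the SQL string, and PHP's password_hash()/password_verify() in place of MySQL's PASSWORD(), which the MySQL manual says should not be used in applications. The in-memory SQLite database and the function names register() and authenticate() are assumptions made for the example; the table and column names follow the thread.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// MySQL connection (assumption) so the script runs offline; with MySQL only
// the DSN passed to new PDO() changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Usuarios (
    Nick     VARCHAR(32)  PRIMARY KEY,
    password VARCHAR(255) NOT NULL)');

// Hypothetical helper: false if the nick is already taken.
function register(PDO $db, string $nick, string $pass): bool
{
    $stmt = $db->prepare('INSERT INTO Usuarios (Nick, password) VALUES (?, ?)');
    try {
        // password_hash() generates a salt and stores it inside the hash string
        return $stmt->execute([$nick, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = constraint violation: the database itself
        // detects the duplicate nick, no separate "exists" query needed
        if ($e->getCode() == '23000') {
            return false;
        }
        throw $e;
    }
}

// Hypothetical helper: true only if the nick exists and the password matches.
function authenticate(PDO $db, string $nick, string $pass): bool
{
    // WHERE fetches the single row for this nick; the password is checked in
    // PHP because every stored hash carries its own salt
    $stmt = $db->prepare('SELECT password FROM Usuarios WHERE Nick = ?');
    $stmt->execute([$nick]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed sample data; the apostrophe needs no escaping with placeholders
var_dump(register($db, "o'brien", 'correct horse'));
var_dump(register($db, "o'brien", 'second try'));
var_dump(authenticate($db, "o'brien", 'correct horse'));
var_dump(authenticate($db, "o'brien", 'wrong guess'));
var_dump(authenticate($db, 'nobody', 'correct horse'));
```

The PHP manual recommends a 255-character column for password_hash() output, since the default algorithm and hash length can change between PHP versions.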