Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

mysql/php login page

Status
Not open for further replies.

dagoat10

Programmer
Jun 3, 2010
74
US
I am wondering if i can create a login in page using php to log in to a mysql database. Because if the user name is in the user table in the mysql database then i just need to be able to match the password which is encrypted, but i can decrypt the password. I have used a number of ways to decrypt it but no success. I have php 4.1.2, so that limits what i can try. Any ideas?
 
sure. don't see why not. it doesn't seem very efficient though.
 
well only thing that seems to work for my version is base64_encode and base64_decode.
 
I'm lost. what has base64_encode/decode got to do with logging in to a php site or to a mysql database?

perhaps it might be better for you to take two steps back and explain the problem you are trying to overcome and why you are having troubles.
 
ok, i am trying to login to a mysql database using input from a php form, but when i try it says access denied.

in other words the user name and password i send to the mysql database is from the form input.

i pull the user name and password from the post variables and then send them through a query like this:

Code:
$sql="SELECT * FROM user WHERE User='$myusername' and Password='$mypassword'";

my main problem is that when it compares the password variable with the one from user input, it fails due to the password it is checking is encrypted and i can't use decode(), or encode() because the php version is 4.1.2 the only functions that it allows me to use are crypt() and md5(). I just need to know how to compare the encrypted password with the user input because i can't decrypt the password.
 
again, this does not seem like a good idea. perhaps phpmyadmin might be a better tool.

but anyway I assume you are querying the user table having connected to the database server with root privileges. in which case use the following query

Code:
<?php
$sql = "select count(*) as `count` from user where `User`='%s' and `Password`=password('%s')";
$sql = vsprintf(  	$sql, 
					array(  
							mysql_real_estate_string($myusername), 
							mysql_real_estate($mypassword)
						)
				);
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if ($row['count'] == 1) {
	//ok
}
?>
 
If I'm understanding what you want to do correctly, you don't need to decrypt anything. I have a table with user logins with a CHAR(100) password field.

When I am setting a password, I encrypt it with SHA1 like this:

UPDATE USER_LOGIN SET PASSWORD = SHA1('$password') WHERE USERNAME = '$username'

When a user is logging in, you can just encrypt the password they type, and compare the encrypted strings. Like this:

SELECT * FROM USER_LOGIN WHERE USERNAME = '$username' AND PASSWORD = SHA1('$password')

This way there is no need to decrypt the password.
 
@frumpus

the OP is trying to use the built in mysql user table to authenticate users.

you are correct that a separate user table within a database (rather than at the system level) is a more usual solution.
 
In that case i would think you just pass the password in the mysql_connect function instead of trying to do it manually.

Code:
$con = mysql_connect($dbHostname,$dbUsername,$password)

right?
 
that would tell you whether the person has the right to access a particular database. not whether the person's user name and password were stored at the system level.

that might be enough. we don't know.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top