trying to store a password in mysql table...used PASSWORD function...

[spewn]

Not certain if thats the right way...i changed the function to PASSWORD and it encrypted it, but when i'm trying to match the password with the encrypted one, it doesn't work.

i've been looking online and see that the password function in mysql may not do what i need.

i'm looking for extra security, that's why i wanted it.

any ideas or direction?

- g

 

[spewn]

okay, i found this and implemented it.

$sth = $dbh->prepare("SELECT adminID FROM admintable WHERE userlogin = '$ulogin' AND userpass = PASSWORD('$upass')");

i also tried removing the quotes around $upass, but still no dice.

$sth = $dbh->prepare("SELECT adminID FROM admintable WHERE userlogin = '$ulogin' AND userpass = PASSWORD($upass)");

i changed the value of the pass field to 100 var/char, but still can't match the login/pass.

any ideas?

- g

 

[PhoenixD]

I suggest using MD5 as its one-way encryption (comes out with a 32 character hash value). When you insert it use the md5 and when you check it use the md5, it should work.

-Kerry

 

[guelphdad]

Don't use the PASSWORD function, mysql recommends against using it. Use MD5 as Kerry suggests or SHA1

 

[feherke]

Hi

Is Ok to store the passwords encrypted, but you should also transfer them encrypted. I suggest to read "Login System" by Paul Johnston.

Feherke.

http://rootshell.be/~feherke/

 

[guelphdad]

Yes it is okay to store the passwords encrypted, but you should NOT use the password() function in mysql to encrypt them. As mysql changes their password hashing function from time to time (see 4.0 to 4.1 version) then the password hash will not match.

mysql tells you in the manual not to use password except in the case of creating users for your mysql database.