Yes, that will work, just a) make sure that the password column in your
database is 32 chars exactly [varchar(32) or something, as md5 hashes
are 32 chars in length], and b) in the sql code you don’t want to say
WHERE user = '$md5($pass)', rather, WHERE user = 'md5($pass)', or else
it will treat $md5() as a variable, instead of the md5() function. Also,
I find the easiest way to auth a user, especially if you'll need to auth
him/her on more than one occasion, is writing a small function to do
that:

<?php

$md5_pass = md5($orig_pass); 
// this creates a 32 char string of encrypted chars

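function authUser($user, $pass) {
        // escape both values before they go into the query string, so
        // quotes in the submitted data cannot change the SQL
        $user = mysql_real_escape_string($user);
        $pass = mysql_real_escape_string($pass);
        $sql = "SELECT id FROM user_table WHERE (user = '$user') AND (pass = '$pass')";
        $result = mysql_query($sql);
        if (!$result) {
                die("Error querying DB in authUser()<br>".mysql_error());
        }
        // number of matching rows: 1 = match, 0 = no match
        return mysql_num_rows($result);
}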

/**** then you call on the function to auth. If the function returns 1,
then the user is authenticated, if 0, it fails. ****/

$is_auth = authUser($submitted_user, $md5_pass);
if ($is_auth == "0") {
        echo "Sorry, bad user/pass. Hit back and try again.";
}
else {
        echo "You logged in successfully!";
}

?>

Hope this helps!

-- David Balatero

-----Original Message-----
From: Paulo Henrique Lomanto [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, April 25, 2001 12:23 PM
To: Pedro M. S. Oliveira; PHP db
Subject: RES: [PHP-DB] Password field!


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.

You can do this:

Encrypt a password before inserting it into the db using $var =
md5('your_password'); and insert the $var into the pass field in
your db.

To verify the password, get the pass entered by the user and do
$md5('user_pass') and do a select on your db like this:

SELECT user, ip FROM your_table WHERE user = '".$user_entered."' AND
pass = '".$md5('user_pass')."';

If this select returns a row, the user pass is valid. If not, it is
not valid. And your passwords are encrypted! :)

[]´s

Lomanto, Paulo H.

- -----Original Message-----
From: Pedro M. S. Oliveira [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 25, 2001 16:01
To: PHP db
Subject: [PHP-DB] Password field!


Hello all!
I was wondering if any one of you could help me with something.
I have a table with 3 fields: user_ip, user and pass.
How can I encrypt the pass and then read and compare it with a pass
inserted on the web page?
Thanks


*******************************************
Pedro Miguel Silva Oliveira
Cell Phone: +351 96 5867227
SMS: [EMAIL PROTECTED]
Email: [EMAIL PROTECTED]


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOuckBZyz9Qg5WP+kEQITSQCguN65L93RIeqmynzoV8uMArXinJEAoIPQ
WiDfcwq/ZJXTvDPPL6Xm3zwt
=jwsZ
-----END PGP SIGNATURE-----


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
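
The same login check with a salted password hash and a bound query parameter, as an added example that is not part of the original thread. It assumes PHP 7 or later with the pdo_sqlite extension; the table and column names follow the thread, while the in-memory database and the sample account are constructed.

```php
<?php
// Added example, not code from the thread. Assumptions: PHP 7+ with
// pdo_sqlite; in-memory database and sample account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output is longer than a 32-char MD5 hex digest,
// so the pass column is 255 chars wide.
$db->exec('CREATE TABLE user_table (
    id INTEGER PRIMARY KEY, user VARCHAR(64) UNIQUE, pass VARCHAR(255))');

function registerUser(PDO $db, string $user, string $plain): void {
    // Salted, deliberately slow hash; salt and cost are stored in the string.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO user_table (user, pass) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

function authUser(PDO $db, string $user, string $plain): bool {
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, pass FROM user_table WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    // Each stored hash has its own salt, so it cannot be matched in a WHERE
    // clause; fetch the row by user name and compare in PHP.
    if (!password_verify($plain, $row['pass'])) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost changes.
    if (password_needs_rehash($row['pass'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE user_table SET pass = ? WHERE id = ?');
        $upd->execute([password_hash($plain, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

registerUser($db, 'pedro', 'correct horse');        // constructed account
var_dump(authUser($db, 'pedro', 'correct horse'));  // right password
var_dump(authUser($db, 'pedro', 'wrong'));          // wrong password
var_dump(authUser($db, "o'neil", 'x'));             // quote in the name, no such user
```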

