Alright here goes.....
This is my login function:
function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return 0;
// check if username is unique
$result = mysql_query("select * from admin
where username='username' and
password = password('$password')");
if (!$result)
return 0;
if (mysql_num_rows($result)>0)
return 1;
else
return 0;
}
And here is my admin.php page:
<?
// include function files for this application
require_once("golf_fns.php");
session_start();
if ($username && $passwd)
// they have just tried logging in
{
if (login($username, $passwd))
{
// if they are in the database register the user id
$admin_user = $username;
session_register("admin_user");
}
else
{
// unsuccessful login
do_html_header("Problem:");
echo "You could not be logged in.
You must be logged in to view this page. <br>";
do_html_url("login.php", "Login");
do_html_footer();
exit;
}
}
do_html_header("Administration");
if (check_admin_user())
display_admin_menu();
else
echo "You are not authorized to enter the administration area.";
do_html_footer();
?>
I checked my database and as you said, the password has been encrypted.
Shouldn't MySQL be able to compare it against an encrypted password?
Thanks for your help!
"Jonathan Hilgeman" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can you show us the code that checks the username and password to see if
> they're correct?
>
> Is this a custom admin page that you created?
>
> If your page is authenticating against the "mysql" database, then you
should
> know that MySQL encrypts the password and stores the encrypted password.
>
> So if you use the GRANT statement to create a new user that looks like:
> User: admin
> Pass: Secrets
>
> ...MySQL will store this as:
> User: admin
> Pass: Ata91230t!44
>
> So if you try to login and your login code looks like:
> if($PasswordEntered == $DatabasePassword)
> {
> ...
> }
>
> So even if $PasswordEntered equals "Secrets", it won't be the same,
because
> it won't match the encrypted password.
>
> - Jonathan
>
> -----Original Message-----
> From: Michael Elliott [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 13, 2001 5:54 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Connecting to MySQL Database
>
>
> I am trying to create an admin page to administer my database. I used a
> file .sql to create my database. In the file, I included:
>
> grant select, insert, update, delete
> on database.*
> to admin@localhost identified by 'password';
>
> Why can I not log in successfully using admin and password?
>
> Thanks
>
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
