deved Posted August 30, 2006 Share Posted August 30, 2006 I'm using the mysql.user table to authenticate users, and apparently it uses PASSWORD() as the encryption method.I can use PHP to insert users and passwords using either md5 or SHA1, but not the PASSWORD() method. Where it falls down is when authenticating a user it doesn't recognize the non-PASSWORD method, and therefore doesn't allow access.Does anyone know how to enable PHP to use the PASSWORD() encryption method, or can this encryption method be changed in MySQL to say md5 or sha1.Cheers Link to comment Share on other sites More sharing options...
reportingsjr Posted August 30, 2006 Share Posted August 30, 2006 Im pretty sure that it is one of the standard ones, ive had some issues with it before.. I tried it one time, it worked great, then I tried again and didnt work at all! Try the isfunction() to see if it exists on your server (right function correct? I forget what it is exactly). Link to comment Share on other sites More sharing options...
justsomeguy Posted August 30, 2006 Share Posted August 30, 2006 The PASSWORD function doesn't have anything to do with PHP, it is a function in MySQL. You use it in the query itself.SELECT * FROM users WHERE password=PASSWORD($pw) Link to comment Share on other sites More sharing options...
reportingsjr Posted August 31, 2006 Share Posted August 31, 2006 Well d'oh! Thats what I was doing wrong!! Man, I put the inside of curly braces so it tried to use it as a php functions =\. Link to comment Share on other sites More sharing options...
deved Posted August 31, 2006 Author Share Posted August 31, 2006 The PASSWORD function doesn't have anything to do with PHP, it is a function in MySQL. You use it in the query itself.SELECT * FROM users WHERE password=PASSWORD($pw)I've called the function in MySQL Query Browser and it will return the result, however is there a way to make it work within PHP like the md5 & sha1 encryption methods? All I found on the php.net site was the latter two. Link to comment Share on other sites More sharing options...
reportingsjr Posted August 31, 2006 Share Posted August 31, 2006 Instead of trying to use it on the $_post just stick password around it, like this: $query = "SELECT * FROM `users` WHERE password = password({$_POST['password']})" , easy peazy!EDITED BECAUSE OF WHAT JUSTSOMEGUY SAID Link to comment Share on other sites More sharing options...
justsomeguy Posted August 31, 2006 Share Posted August 31, 2006 I think you can probably leave out the quotes, since MySQL will know it's a string. The quotes might actually make it search for the text "password(..." Link to comment Share on other sites More sharing options...
deved Posted September 1, 2006 Author Share Posted September 1, 2006 Managed to test your scripts and they worked for retrieving data (thanks), however couldn't enter PASSWORD() into the mysql.`user` table, without first entering as either md5 or sha1, then could use the UPDATE/SET commands to change to PASSWORD() encryption (also found the mysql server had to be restarted before the new password would work). Link to comment Share on other sites More sharing options...
reportingsjr Posted September 1, 2006 Share Posted September 1, 2006 Are you sure? What error did it give? (try using it in lowercase) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now