HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Programming/Scripts (http://www.howtoforge.com/forums/forumdisplay.php?f=7)
-   -   PHP authentication with mysql encrypt function (http://www.howtoforge.com/forums/showthread.php?t=17804)

igongora 28th November 2007 21:37

PHP authentication with mysql encrypt function
 
Hi,

I have a mysql table where I store passwords using mysql encrypt function, and I would like to be able to create a login script where I can type in login and password and then it will authenticate my user. However, whenever I try to encrypt the password I get a new character string, how can I acheive my goal without changing encrypt by md5 or other similar.

Regards,

Mosquito 29th November 2007 15:51

Assuming you have only a Text Field for User name and password - named 'username' and 'password',

To verify login:
Code:

$query = "SELECT username, password, other_fields FROM users_table WHERE username = $_REQUEST['username'] AND password = encrypt($_REQUEST['password'])";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());

if (mysql_num_rows($result) == 1)
{
        //successful login
}
else
{
        // not successful
}

I just wrote this code up now, so I haven't tested it. However, it should work with few modifications. What this script does it make sure only 1 row is returned (matching username and password...hopefully those are unique on your database). The query itself, will use the MySQL encrypt() function to compare the input password to what is in the database.

If you have PHP/MySQL questions, take a look at
http://php.net/mysql

igongora 29th November 2007 18:08

Thanks moskito,

but it did not work, th eporblem I have is that encrypt retunrs each time an encrypted string differetne form the previous so the passwords do not match.

for instance:
SELECT encrypt('abc') as string FROM `users` LIMIT 1
Z9Uu2KHZiz/6Y
SELECT encrypt('abc') as string FROM `users` LIMIT 1
HAgC9F0JjlOCE

The passwords never match..
regards,

Mosquito 29th November 2007 20:46

How are you inserting these into the database? Are you using a salt? Or did you use the MySQL PASSWORD() function on the insert? If you did the latter, change the ecrypt() calls in my above code to password().

bvidinli 17th February 2009 10:10

goto mysql console, type:
select encrypt('aaa','aa');

i think you will be able to get same string with encrypt('string','salt')
this way, you will be able to store and match passwords in mysql database..
hope this helps,
let me know if this worked..

new 13th August 2011 20:16

encrypt function in registration form
 
Moskito, verify login works, but I Wonder how ..?

I did follow Falko's tutorial Here... and everything works perfect, the only thing that I dont get.. is how to:

Make register form that match the "encrypt".

I have posted a question in ubuntu forums ( here )... But dont get any result.

If I type (in my server terminal):
PHP Code:

mysql -u root -p
####  password here
USE mail;
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('my@site.com'ENCRYPT('PassGoHere'), 10485760);
quit

works perfect, but how to insert these values (from a PHP) registration from???

I have not idea... how to make my registration form >>> to insert "ENCRYPT" password, like I do in my server terminal.

regards.

falko 14th August 2011 21:42

Take a look here: http://www.php.net/manual/en/function.crypt.php#69808

new 15th August 2011 19:15

encrypt function in registration form
 
Thanks Falko.

There is a "SELECT" function from DB table.. with which I have no problem.

The deal is in my PHP registration FORM, whre I have to "INSERT" ENCRYPT password.

Eg. register.php
PHP Code:

<form id="register" name="register" method="post" action="exec.php" class="new.user">

[.....]

<
label>Username</label>
<
input name="uname" type="text" class="textfield" id="uname" />
<
input type="hidden" name="site" value="@my.site.com"  id="site"  maxlength="128" />
 <
br />

<
label>Password</label>
<
input name="password" type="password" class="textfield" id="password" />

<
label>Confirm Password</label>
<
input name="cpassword" type="password" class="textfield" id="cpassword" />

[....] 

exec.php

PHP Code:

[....]

$Umail $_POST['uname'].'/'.$_POST['site'];


    
$qry "INSERT INTO users(email, password, ..., ...) VALUES('$Umail','" xxxxxxxxxxxxxxx ($_POST['password'])."','...', '...')";
    
$result = @mysql_query($qry);

[....] 

Kalko... the whole process works perfect, but where the xxxxxxxxxx are .. is the part where I do not know what to put, in order to make "INSERT" the password by ENCRYPT.

Remenber that from your tutorial, we do INSERT these values from MYSQL terminal using:
PHP Code:

INSERT INTO users(emailpassword, ..., ...) VALUES('$Umail','" ENCRYPT($_POST['password_here'])."','...''...')"; 

But I need to let users do it from my php registration form.

Regards

Mark_NL 15th August 2011 20:12

if you don't supply a salt with mysql encrypt, mysql will use a random one, every time you call the function, that's why "SELECT encrypt('abc') as string FROM `users` LIMIT 1" returns something else every time you run it.

Just let php encrypt the entered password (with f.e. crypt() as Falko pointed out) and supply a ready-to-insert password to mysql. I think in this case it's better to try and use that method first.

new 15th August 2011 21:13

@Mark_NL ... I do not follow you :confused:

How do I use "INSERT" ENCRYPT password .... in my php registration (exec.php)???

Since Falko's tutorial teach how to do it in "MySQL Terminal" adding by direct way a ENCRYPT function, but... I really don't know how to make "apply" that funtion in order to get it work..

e.g >>> if in exec.php I use:
PHP Code:

INSERT INTO users(emailpassword, ..., ...) VALUES('$Umail','" CRYPT($_POST['password'])."','...''...')

It works.. but crypt() funtions insert password ok, but don't let (IMAP) read back the pass as "encrypted", neither pure-ftp...

Don't know if I explain this issue the corrected way, but I just ask "please", to someone let me know: how to insert users password From a web based php, into my users DB table, as I do From MySQL terminal (like Falko's tutorial said)... how to Insert from my web based registration (exec.php) :

INSERT INTO users(email, password, ..., ...) VALUES('$Umail', '"what_do_I_place_here_to_match_encrypt_funtion_like _tutorial_said ($_POST['password'])."','...', '...')";

Sorry my ignorance, and thanks a lot.

Regards

PD:

Little back ground to clear up my comments:

I did follow Falko's tutorial "virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-10.10".. but about "page 4", in chapter 13 >>> "Populate The Database And Test", using "... MySQL shell", wich I have done that part with not problem at all.

So, how do I use (ENCRYPT) value on a registration_form.php (register.php) that match what I do in MySQL shell..?

I collect user user name, and password info from register.php >>> ... and procces/insert that info through a php script named exec.php

How do I use "INSERT" ENCRYPT password .... in (exec.php) ???... where:

INSERT INTO users(..., password) VALUES('...','" CRYPT($_POST['password']))" <<< (no work, squirrelmail don't recognize the encrypted pass)
INSERT INTO users(..., password) VALUES('...','" ENCRYPT($_POST['password']))" <<< (no work, "php error said that ENCRYPT" function is not recognize as a valid)

Regards


All times are GMT +2. The time now is 20:58.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.