Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Programming/Scripts

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 28th November 2007, 21:37
igongora igongora is offline
Junior Member
 
Join Date: Apr 2007
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default PHP authentication with mysql encrypt function

Hi,

I have a mysql table where I store passwords using mysql encrypt function, and I would like to be able to create a login script where I can type in login and password and then it will authenticate my user. However, whenever I try to encrypt the password I get a new character string, how can I acheive my goal without changing encrypt by md5 or other similar.

Regards,
Reply With Quote
Sponsored Links
  #2  
Old 29th November 2007, 15:51
Mosquito Mosquito is offline
Member
 
Join Date: Nov 2006
Posts: 85
Thanks: 5
Thanked 4 Times in 3 Posts
Default

Assuming you have only a Text Field for User name and password - named 'username' and 'password',

To verify login:
Code:
$query = "SELECT username, password, other_fields FROM users_table WHERE username = $_REQUEST['username'] AND password = encrypt($_REQUEST['password'])";
$result = mysql_query($query) or die('Query failed: ' . mysql_error()); 

if (mysql_num_rows($result) == 1)
{
	//successful login
}
else
{
	// not successful
}
I just wrote this code up now, so I haven't tested it. However, it should work with few modifications. What this script does it make sure only 1 row is returned (matching username and password...hopefully those are unique on your database). The query itself, will use the MySQL encrypt() function to compare the input password to what is in the database.

If you have PHP/MySQL questions, take a look at
http://php.net/mysql

Last edited by Mosquito; 29th November 2007 at 15:54.
Reply With Quote
  #3  
Old 29th November 2007, 18:08
igongora igongora is offline
Junior Member
 
Join Date: Apr 2007
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks moskito,

but it did not work, th eporblem I have is that encrypt retunrs each time an encrypted string differetne form the previous so the passwords do not match.

for instance:
SELECT encrypt('abc') as string FROM `users` LIMIT 1
Z9Uu2KHZiz/6Y
SELECT encrypt('abc') as string FROM `users` LIMIT 1
HAgC9F0JjlOCE

The passwords never match..
regards,
Reply With Quote
  #4  
Old 29th November 2007, 20:46
Mosquito Mosquito is offline
Member
 
Join Date: Nov 2006
Posts: 85
Thanks: 5
Thanked 4 Times in 3 Posts
Default

How are you inserting these into the database? Are you using a salt? Or did you use the MySQL PASSWORD() function on the insert? If you did the latter, change the ecrypt() calls in my above code to password().
Reply With Quote
  #5  
Old 17th February 2009, 10:10
bvidinli bvidinli is offline
Junior Member
 
Join Date: Sep 2005
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

goto mysql console, type:
select encrypt('aaa','aa');

i think you will be able to get same string with encrypt('string','salt')
this way, you will be able to store and match passwords in mysql database..
hope this helps,
let me know if this worked..
Reply With Quote
  #6  
Old 13th August 2011, 20:16
new new is offline
Junior Member
 
Join Date: Aug 2011
Posts: 4
Thanks: 4
Thanked 0 Times in 0 Posts
Default encrypt function in registration form

Moskito, verify login works, but I Wonder how ..?

I did follow Falko's tutorial Here... and everything works perfect, the only thing that I dont get.. is how to:

Make register form that match the "encrypt".

I have posted a question in ubuntu forums ( here )... But dont get any result.

If I type (in my server terminal):
PHP Code:
mysql -u root -p
####  password here
USE mail;
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('my@site.com'ENCRYPT('PassGoHere'), 10485760);
quit
works perfect, but how to insert these values (from a PHP) registration from???

I have not idea... how to make my registration form >>> to insert "ENCRYPT" password, like I do in my server terminal.

regards.

Last edited by new; 13th August 2011 at 20:18.
Reply With Quote
  #7  
Old 14th August 2011, 21:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Take a look here: http://www.php.net/manual/en/function.crypt.php#69808
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
new (15th August 2011)
  #8  
Old 15th August 2011, 19:15
new new is offline
Junior Member
 
Join Date: Aug 2011
Posts: 4
Thanks: 4
Thanked 0 Times in 0 Posts
Default encrypt function in registration form

Thanks Falko.

There is a "SELECT" function from DB table.. with which I have no problem.

The deal is in my PHP registration FORM, whre I have to "INSERT" ENCRYPT password.

Eg. register.php
PHP Code:
<form id="register" name="register" method="post" action="exec.php" class="new.user">

[.....]

<
label>Username</label>
<
input name="uname" type="text" class="textfield" id="uname" />
<
input type="hidden" name="site" value="@my.site.com"  id="site"  maxlength="128" />
 <
br />

<
label>Password</label>
<
input name="password" type="password" class="textfield" id="password" />

<
label>Confirm Password</label>
<
input name="cpassword" type="password" class="textfield" id="cpassword" />

[....] 
exec.php

PHP Code:
[....]

$Umail $_POST['uname'].'/'.$_POST['site'];


    
$qry "INSERT INTO users(email, password, ..., ...) VALUES('$Umail','" xxxxxxxxxxxxxxx ($_POST['password'])."','...', '...')";
    
$result = @mysql_query($qry);

[....] 
Kalko... the whole process works perfect, but where the xxxxxxxxxx are .. is the part where I do not know what to put, in order to make "INSERT" the password by ENCRYPT.

Remenber that from your tutorial, we do INSERT these values from MYSQL terminal using:
PHP Code:
INSERT INTO users(emailpassword, ..., ...) VALUES('$Umail','" ENCRYPT($_POST['password_here'])."','...''...')"; 
But I need to let users do it from my php registration form.

Regards

Last edited by new; 15th August 2011 at 19:18.
Reply With Quote
  #9  
Old 15th August 2011, 20:12
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 99 Times in 95 Posts
Default

if you don't supply a salt with mysql encrypt, mysql will use a random one, every time you call the function, that's why "SELECT encrypt('abc') as string FROM `users` LIMIT 1" returns something else every time you run it.

Just let php encrypt the entered password (with f.e. crypt() as Falko pointed out) and supply a ready-to-insert password to mysql. I think in this case it's better to try and use that method first.
Reply With Quote
The Following User Says Thank You to Mark_NL For This Useful Post:
new (15th August 2011)
  #10  
Old 15th August 2011, 21:13
new new is offline
Junior Member
 
Join Date: Aug 2011
Posts: 4
Thanks: 4
Thanked 0 Times in 0 Posts
 
Default

@Mark_NL ... I do not follow you

How do I use "INSERT" ENCRYPT password .... in my php registration (exec.php)???

Since Falko's tutorial teach how to do it in "MySQL Terminal" adding by direct way a ENCRYPT function, but... I really don't know how to make "apply" that funtion in order to get it work..

e.g >>> if in exec.php I use:
PHP Code:
INSERT INTO users(emailpassword, ..., ...) VALUES('$Umail','" CRYPT($_POST['password'])."','...''...')
It works.. but crypt() funtions insert password ok, but don't let (IMAP) read back the pass as "encrypted", neither pure-ftp...

Don't know if I explain this issue the corrected way, but I just ask "please", to someone let me know: how to insert users password From a web based php, into my users DB table, as I do From MySQL terminal (like Falko's tutorial said)... how to Insert from my web based registration (exec.php) :

INSERT INTO users(email, password, ..., ...) VALUES('$Umail', '"what_do_I_place_here_to_match_encrypt_funtion_like _tutorial_said ($_POST['password'])."','...', '...')";

Sorry my ignorance, and thanks a lot.

Regards

PD:

Little back ground to clear up my comments:

I did follow Falko's tutorial "virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-10.10".. but about "page 4", in chapter 13 >>> "Populate The Database And Test", using "... MySQL shell", wich I have done that part with not problem at all.

So, how do I use (ENCRYPT) value on a registration_form.php (register.php) that match what I do in MySQL shell..?

I collect user user name, and password info from register.php >>> ... and procces/insert that info through a php script named exec.php

How do I use "INSERT" ENCRYPT password .... in (exec.php) ???... where:

INSERT INTO users(..., password) VALUES('...','" CRYPT($_POST['password']))" <<< (no work, squirrelmail don't recognize the encrypted pass)
INSERT INTO users(..., password) VALUES('...','" ENCRYPT($_POST['password']))" <<< (no work, "php error said that ENCRYPT" function is not recognize as a valid)

Regards

Last edited by new; 15th August 2011 at 23:37.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Freebsd 6.1 support misterm Installation/Configuration 10 9th April 2009 09:29
Slightly Confused (DNS & Server Help) JohnnyBGoode Installation/Configuration 26 14th August 2007 09:54
Apache2 Freezes celtic Server Operation 31 28th May 2007 17:18
SuSE Enterprise, PHP binary coming with ISPConfig does not work properly NexusTechUS Installation/Configuration 1 26th April 2007 20:03


All times are GMT +2. The time now is 21:59.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.