[thelist] best way to check for valid user/password in PHP - oops 1 more qu..
Jim Puls
jim at nondifferentiable.com
Fri Jan 10 12:42:01 CST 2003
This is probably the solution you want.
Note that MySQL has a PASSWORD() function which is optimized for
storing one-way encrypted passwords.
When adding a user to the table, you'd use
INSERT INTO users (username,password,...) VALUES
('username',PASSWORD('password'),...);
PHP code to authenticate is as follows. Notice that you generally
don't need the @ in front of mysql_query, because you're going to want
to see any errors that it throws out.
$sql = "SELECT * FROM users WHERE username = '$username' " .
"AND password = PASSWORD('$password') " .
"AND privs & $level != 0";
$res = mysql_query($sql,$database);
if (mysql_num_rows($res)) {
$row = mysql_fetch_row($res);
}
else spew_error_message();
On Thursday, January 9, 2003, at 03:00 PM, Jason Handby wrote:
>> how do I get my row info later? Since I have to take out the
>> @mysql_query() from my $result query..its now $result = "SQL here";
>>
>> So now, I can't use $row = mysql_fetch_array($result); to get my rows
>> since $result isn't a valid query... I get this error:
>
> Good question. I'm not a PHP expert, so at this point I'd modify the
> query
> so that it always returns a result:
>
> SELECT COUNT(*) FROM reguser WHERE username = '$username' AND
> password =
> '$password'
>
> Then just check to see if it's returned a non-zero number of matches.
>
> Of course there might be a better way of doing this in PHP!
>
More information about the thelist
mailing list