Reply to Re: [PHP] username and password auth

Posted by Richard Lynch on 02/17/05 20:14

William Stokes wrote:
> What is the best or right way to compare users name and password given in
> a web form to data in mysql database?

It's kind of a Good Idea to store the password encrypted using MySQL's
md5() function or other similar functions.

In the old days, you'd use their password() function so you still see that
a lot, but it's deprecated, as they want to be able to change the guts
under-pinning their password() function that they use internally, since
various encryption algorithms become obsolete.

The point being that if somebody breaks into the database, they don't see
any actual passwords, just a bunch of useless junk -- But *YOU* can call
the md5() function on a password and compare the result to what's there.

md5 and similar functions are what you call a "one-way" encryption --
There's no (easy) way to take the output and go backwards to the input.

> I saw one example where sql SELECT query was made with username and
> password as WHERE and the script tested how many rows were returned from
> database; if there was 1 row returned the login was accepted.
>
> Are there other ways to do this? What if the usertable has more than these
> 2 columns?

You don't care about the number of COLUMNS.

If you have two *ROWS* with the same username, then you have the same user
in there twice, which is BAD or two people using the same username which
is REAL BAD. Don't do that. :-)

So what you saw was fine, but it would be better to use an encryption
function on the password as well.

--
Like Music?
http://l-i-e.com/artists.htm
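
The login check discussed in this thread, as an added example that is not part of the original post or of any poster's code. It swaps md5() for PHP's password_hash()/password_verify(), looks the row up by username only, and uses a UNIQUE constraint to enforce one row per username. The table layout, function names, sample account and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example: constructed schema and sample account, not from the thread.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE puts the "never two rows with the same username" rule in the schema.
$db->exec('CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    username      TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL,
    email         TEXT
)');

// Hash of a throwaway value, used when the username does not exist.
define('DUMMY_HASH', password_hash('constructed-dummy-value', PASSWORD_DEFAULT));

function register_user(PDO $db, string $username, string $password): void
{
    // Swapped-in technique: password_hash() (salted, slow) instead of md5().
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Select only the hash column, by username; extra columns do not matter.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        // Unknown user: still do one verification so both paths cost the same.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    return password_verify($password, $hash);
}

register_user($db, 'wstokes', 'correct horse');      // constructed sample account
try {
    register_user($db, 'wstokes', 'something else'); // second row, same username
} catch (PDOException $e) {
    echo "duplicate username rejected by the UNIQUE constraint\n";
}
var_dump(check_login($db, 'wstokes', 'correct horse'));
var_dump(check_login($db, 'wstokes', 'wrong password'));
var_dump(check_login($db, 'nobody', 'correct horse'));
```

Because the stored value is salted, the password cannot go in the WHERE clause; the row is fetched by username and the comparison happens in PHP.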
