Banner

Sponsor

Login

Welcome Back!
Guest
Guest

Register

Lost your password?

89 users online

SQL Password Function

SQL Password Function

Forums » Web Development » Server Side - PHP/MySQL/etc. » SQL Password Function

Currently viewing this thread: 1 (0 members and 1 guests)

#1
Old Post November 5th, 2005 09:41 AM
mcrob

mcrob

Neverside Newbie
Status: Offline!

SQL Password Function

Hey users I need your help fast! Basically I downloaded an extension and I was reading the manual to help me out and I cant the login system to work. Im creating a client registration function and at first I tried using the md5 and when I tried logging in, it wouldnt work. In the manual it said that I should use the SQL password function() . After I tried using the crypt function and that didnt work neither. I just hope someone knows exactly what that is, I need to know. thank you.

___________________

RoB

#2
Old Post November 5th, 2005 12:21 PM
TheClincher

TheClincher

Lost in Berkeley, CA
Status: Offline!

Is the password encrypted with md5? md5 creates theoretically undecipherable hashes (it takes an input and produces an output that looks like garbled random text). Upon registration you would md5(password) before putting it into the database. When logging in with the password provided you md5 it and do a comparison to check if the hashes are the same and grant access if they are.

What's this log in system? Is the password encrypted? Have you tried encrypting it and comparing them against each other?

___________________

There is no theory of evolution. Just a list of creatures Chuck Norris has allowed to live.

#3
Old Post November 5th, 2005 06:09 PM
mcrob

mcrob

Neverside Newbie
Status: Offline!

Check it out. this is the registration page. I used the crypt function

<?php require_once('Connections/companyconnection.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO clients (userlevel, firstname, lastname, username, password, country, homeaddress, city, state_province, zip_postalcode, telephonenumber, cellphonenumber, faxnumber, emailaddress, dateregistered, referral, receievepromotions) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['userlevel'], "text"),
GetSQLValueString($_POST['firstname'], "text"),
GetSQLValueString($_POST['lastname'], "text"),
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString(crypt($_POST['password']), "text"),
GetSQLValueString($_POST['country'], "text"),
GetSQLValueString($_POST['homeaddress'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['state_province'], "text"),
GetSQLValueString($_POST['zip_postal_code'], "text"),
GetSQLValueString($_POST['telephonenumber'], "text"),
GetSQLValueString($_POST['cellphone_number'], "text"),
GetSQLValueString($_POST['faxnumber'], "text"),
GetSQLValueString($_POST['emailaddress'], "text"),
GetSQLValueString($_POST['date_registered'], "text"),
GetSQLValueString($_POST['referral'], "text"),
GetSQLValueString($_POST['promotion'], "text"));

mysql_select_db($database_fohiyesconnection, $fohiyesconnection);
$Result1 = mysql_query($insertSQL, $fohiyesconnection) or die(mysql_error());
}
?>

___________________

RoB

#4
Old Post November 5th, 2005 11:44 PM
Kickboy

Kickboy

Neverside Newbie
Status: Offline!

crypt() won't work as it generates a different string each time it's used, making it impossible to verify/compare a password to it.

You need to use md5

___________________

I don't suffer from insanity; I enjoy every minute of it.
Unintended Theory | Cacrew v4

#5
Old Post November 6th, 2005 09:35 AM
mcrob

mcrob

Neverside Newbie
Status: Offline!

exactly. I used an md5 code also but it doesnt work! Im confused man. What the hell do they mean the SQL password function Eek

___________________

RoB

#6
Old Post November 6th, 2005 10:32 AM
TheClincher

TheClincher

Lost in Berkeley, CA
Status: Offline!
PHP:

<?php
$insertSQL sprintf("INSERT INTO clients (userlevel, firstname, lastname, username, 
password, country, homeaddress, city, state_province, zip_postalcode, telephonenumber, 
cellphonenumber, faxnumber, emailaddress, dateregistered, referral, receievepromotions)
 VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
?>

before you insert it, apply the password encryption function (whatever the hell it is). if you want to retrieve something, you use the password encryption function again and compare its output with the encrypted password in the database.

here's a concept

*) reigstration is submitted
-password is encrypted, let's say $pass = fPass($theUserPass);
-$pass is put into the database
*) when you log in
-encrypt the password received from the log in, $loginpass = fPass($theLoginPass);
-compare w/table data (if ($loginpass == $pass) { allow access } )

PHP:

<?php
 GetSQLValueString(crypt($_POST['password']), "text"),
?>

I take it that that's suppose to retrieve the string? You won't get any result since you're encrypting it...

That's just my guess.

___________________

There is no theory of evolution. Just a list of creatures Chuck Norris has allowed to live.

Last edited by TheClincher, November 6th, 2005 10:32 AM (Edited 1 times)

#7
Old Post November 7th, 2005 09:26 PM
mcrob

mcrob

Neverside Newbie
Status: Offline!

How can I use the SQL password function upon client regstration

what should I change this into?

GetSQLValueString(($_POST['password']), "text"),

___________________

RoB

#8
Old Post November 7th, 2005 11:27 PM
admiralskeet

admiralskeet

cssNinja
Status: Offline!

GetSQLValueString((md5($_POST['password']),"text")

___________________

http://www.userbars.com/galerie/images/files/3/4/phpuser.jpg
:07 Seconds a Web Development/Web Design Blog

#9
Old Post November 8th, 2005 07:22 AM
TheClincher

TheClincher

Lost in Berkeley, CA
Status: Offline!
Originally posted by mcrob:

How can I use the SQL password function upon client regstration

what should I change this into?

GetSQLValueString(($_POST['password']), "text"),

PHP:

<?php
$insertSQL sprintf("INSERT INTO clients (userlevel, firstname, lastname, username, 
password, country, homeaddress, city, state_province, zip_postalcode, telephonenumber, 
cellphonenumber, faxnumber, emailaddress, dateregistered, referral, receievepromotions)
 VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
?>

hm.. uh... i don't use sprintf, but if it were something like "insert into clients this that that $password"
id' first do something like

$encrypted_password = md5($password)

then insert that into the database

and yea do what the person above says

___________________

There is no theory of evolution. Just a list of creatures Chuck Norris has allowed to live.

Quick Jump:

Main Navigation

Site & Graphic Design by Aeon Tan
Developed by Jeremie Pelletier & Scott Roach

NeverAPI generated this page in 0.0097 seconds.