Alright here goes.....
This is my login function:
function login($username, $password)
// check username and password with db
// if yes, return true
// else return false
// connect to db
$conn = db_connect();
// check if username is unique
$result = mysql_query("select * from admin
where username='username' and
password = password('$password')");
And here is my admin.php page:
// include function files for this application
if ($username && $passwd)
// they have just tried logging in
if (login($username, $passwd))
// if they are in the database register the user id
$admin_user = $username;
// unsuccessful login
echo "You could not be logged in.
You must be logged in to view this page. <br>";
echo "You are not authorized to enter the administration area.";
I checked my database and as you said, the password has been encrypted.
Shouldn't MySQL be able to compare it against an encrypted password?
Thanks for your help!
"Jonathan Hilgeman" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can you show us the code that checks the username and password to see if
> they're correct?
> Is this a custom admin page that you created?
> If your page is authenticating against the "mysql" database, then you
> know that MySQL encrypts the password and stores the encrypted password.
> So if you use the GRANT statement to create a new user that looks like:
> User: admin
> Pass: Secrets
> ...MySQL will store this as:
> User: admin
> Pass: Ata91230t!44
> So if you try to login and your login code looks like:
> if($PasswordEntered == $DatabasePassword)
> So even if $PasswordEntered equals "Secrets", it won't be the same,
> it won't match the encrypted password.
> - Jonathan
> -----Original Message-----
> From: Michael Elliott [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 13, 2001 5:54 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Connecting to MySQL Database
> I am trying to create an admin page to administer my database. I used a
> file .sql to create my database. In the file, I included:
> grant select, insert, update, delete
> on database.*
> to admin@localhost identified by 'password';
> Why can I not log in successfully using admin and password?
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]