[PHP] Re: password field validation
Jason Todd Slack-Moehrle wrote:
> Hi All,
>
> I have an input field with type="password".
>
> I am trying to do some error checking to see if the user puts a value in
> after they submit the form (i.e not left it blank)
>
> Here is what I have:
>
> on form:
> Password:
>
> In PHP error checking:
>
> if (empty($_POST[PASSSWORD]))
> { $GERROR="TRUE";}
>
> even though I am putting characters in the field before I submit I am
> always getting TRUE returned.
>
> This same tactic works for other fields I have that I need to make sure
> they put values in, just I have never done this before with a password
> field.
>
> What am I doing wrong? I just want to make sure they put something there!
>
> -Jason
Could it be that your $_POST[PASSSWORD] has three "S"s in it and your
form field name="PASSWORD" only has 2?
--
Thanks!
-Shawn
http://www.spidean.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password Protecting a page and email notification
R.C. wrote:
I'm going to ask you PHP gurus if someone can give me a hand in trying to
get this resolved. I'm fairly new to PHP and learning as I go.
I've got two page "login.php" and video.php. Video.php is supposed to be
protected i.e. if someone clicks on the direct link or brings up the page in
a browser, it comes back with an error message and a request to link to
"login.php"... they type in their username/pasword and it opens up the
video.php so they can download videos.
I actually managed to accomplish that with the following code which sits at
the top of video.php. I also created a form on "login.php" for user input.
So far so good. However, we also need an email to be sent to the site owner
when someone logs in plus their name. For the hell of me, I can't figure
out how to combine the two elements. I tried a lot of things sofar, but
nothing works. It's either the page gets protected OR the email gets sent,
depending on what I leave in the script. I tried using part of Jenny's
script which is great for email forms but I can't combine this whole thing.
Hlp!!
/*this is the code that sits at the top of the protected page* which works
actually fine for the protection*/
";
echo "Please log in at HERE to enter your
Username and Password";
exit();
}
Can this be done on one form i.e. login.php? I have 4 textfields set up:
username, password, email, name (for the person sending the email...)..
some if clause somewhere?
Best
R.C.
what you have here looks fine. just put the mail() command in the first
part of the if...
if (($_SESSION['username'] == 'logon')
and ($_SESSION['userpass'] == 'password')) {
... SEND MAIL HERE ...
$_SESSION['authuser'] = 1;
}
else {
echo "I'm sorry, access is denied ";
echo "Please log in at HERE to enter your
Username and Password";
exit();
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password encryption and password retrieval
Usually passwords are encrypted using one-way algorithms. Of course, there are two-way algorithms which can be reversed, but time and experience has shown that not to be necessary for user passwords. A one-way algorithm is much like the modulus operation: 15 % 4 gives you 3 but even if you know the result and the divider, there is no way you can guess that 15 was the original number. One-way encryption algorithms do something like this, they loose some information in the process so the original cannot be recovered (no decryption) even though the encryption process is perfectly predictable and reproducible. Though the impossibility of recovery can be seen as a drawback it also means that the system administrator nor the programmer can figure out the passwords, thus, my password is safe, even from the administrator or his/her newbie junior assistant who dreams with becoming a famous hacker. Thus, if a user gets his/her password lost, you e-mail a new and urge him/her to change it ASAP. Satyam "Deep" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hi evryone, > > I want to implement a site where i would like to > encrypt the password of the users and store it into > mysql > database. My question is that , In case if the user > has forgotten the password how can he retrieve the > password(which is already encrypted and stored...the > user should be able to get the decrypted password). > > Also which encryption method would you recommend. ie. > md5,crypt, etc > > Thanx, > ..Deeps.. > > > Yahoo! India Matrimony: Find your life partner online > Go to: http://yahoo.shaadi.com/india-matrimony -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: password case sensitive
William Stokes wrote: Hello, I got my little user authentication to work but now I would like to know how to make and check the (upper/lower) case in password. To put it simple. I want users password to be case sensitive. The authentication checks for returned number of rows from DB. If there is one matching row the user is authenticated ok. Is it possible to check the case sensitiviness in this kind of authentication or do I need to do this differently. Thanks -Will depending on your database and your query, it probably already checks case-sensitive. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password Protection
Thank you people. "Kevin Javia" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I am experimenting on my site and I want to make it password protected like > www.realsolution.com. > > If any one enters correct user name and password, only then they will be > able to enter into my site. > > How can I do that in PHP? > > Any ideas? Thanks a ton in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password Protection
Kevin Javia wrote:
I am experimenting on my site and I want to make it password protected like
www.realsolution.com.
If any one enters correct user name and password, only then they will be
able to enter into my site.
How can I do that in PHP?
Any ideas? Thanks a ton in advance.
Try this:
function authenticate() {
header('WWW-authenticate: basic realm="My protected area"');
header('HTTP/1.0 401 Unauthorized');
print 'Please use a correct login!';
exit;
}
function authorize() {
if( (!isset($_SERVER['PHP_AUTH_USER']))
or ($_SERVER['PHP_AUTH_USER'] == '') ) {
authenticate();
}
else {
$login = strtolower($_SERVER['PHP_AUTH_USER']);
$passwd = $_SERVER['PHP_AUTH_PW'];
if (.) { // check $login and $passwd against the list of
authorized users
return true;
}
else {
authenticate();
}
}
return false;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password protected downloads
"Maldiv" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > > I want to make a password protected download possibility on my site. I know > how can I handle normal user login, but how can I protect a download from > guests? > I mean if user navigate to www.demo.com/mydownload.zip than he can download > the file without login. How can I prevent this downloads? One way is to store all your download files outside of the webroot and/or protect the directory with .htacces. Then use PEAR's HTTP_Download to serve the files as a download to the user: http://pear.php.net/package/HTTP_Download Hope this helps. Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password
You have an error with your brackets. Your code looks like this
if (strlen($_POST['password1']) > 0)
{
if ($_POST['password1'] ==($_POST['password2']
{
$password = TRUE;
}
if (strlen($_POST['password1']) > 0)
{
if ($_POST['password1'] ==$_POST['password2'] ) <= your parenthesis here
was in the wrong place
{
$password = TRUE;
}
}<= and you forgot the closing bracket
Hope that helps.
Respectfully
Ligaya Turmelle
"Erik Gjertsen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I try to made a administrator page that I need to writ user name and
> password. But I have problem with the password. There comes one error
where
> I writ 1..(one)
> I have not made a table on MySql but in the book I read it scowl work.
> Can some one tell me why it not work.
> Here is the code:
>
> if (isset($_POST['submit'])) { // Handel the form
> // check for name
>if (strlen($_POST['name']) > 0) {
>$name = TRUE;
> } else {
>$name = FALSE;
>echo 'you have forgot to enter your name';
> }
> // check for email adress
> if (strlen($_POST['email']) > 0) {
> $email = TRUE;
> } else {
> $email = FALSE;
> echo 'you have forgot to enter your email adress';
> }
> // check for a usermame
> if (strlen($_POST['usermame']) > 0) {
> $usermame = TRUE;
> } else {
> $usermame = FALSE;
> echo 'you have forgot to enter your usermame';
> }
>
> //check for a password and match against the comfirmed password.
>
> if (strlen($_POST['password1']) > 0) {
> if ($_POST['password1'] ==
>($_POST['password2'] {
> $password = TRUE;
>
> 1.. } else {
> $password = FALSE;
> echo ''
> }
> } else {
> $password = FALSE;
> echo 'You forgot to enter your password!';
> }
> if ($name && $email && $username && $password)
> { // if everyting's okayOK.
> //Register the user.
> echo 'you are now register.'
> } else { //Something is not TRUE.
> echo 'Please go back and try again.'
> } else {
>
> ?>
>
>
> Enter your information in the form below
> Name: />
> Email: />
> User name: maxlength="40" />
> Password: maxlength="40" />
> Confirm Password: size="20" maxlength="40" />
>
>
>
>
>
> Thanks fore any help
>
> Erik Gjertsen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: password protection/encryption
Chris Mach wrote: Greetings, I'm working on a project that involves a password protected area of a website. Some one also involved brought up the point that this area should be secure (Whit the lock icon indicating it is encrypted). In this particular project the password protected area will be a quote generating system for a company. Users would log in and choose the products they are interested in purchasing and the site would generate a quote depending on what they selected from the list of products. So my question is.. At what point is encryption necessary? I've always thought encryption was only needed when dealing with stuff like credit card information, am I wrong? if you are sending passwords over the internet, then they can be sniffed in transit, it depends on how paranoid / how important the information is. Unless you encrypt them before sending (client side), but this is quite complicated You probably should just use https to do the encryption, it works the same as normal, the HTTP layer deals with all the encryption for you How secure is a password protected page done with just PHP? over http, with no encryption - not very secure over https - as secure as anything is on the internet Thanks Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: password protection/encryption
Some questions to ask yourself... 1. Am I storing personally identifiable information (eg. Names, addresses, phone numbers, email addresses, credit card data)? 2. Will this data be stored in a text file or database? 3. Is this text file or database directly connected to the internet? 4. What type of data am I trying to protect? Answer these questions and you will know if you need to use public/private key encryption technology in your application. You are currently interested (from your post) in encrypting the data link layer of your website using SSL (Secure Socket Layer). The SSL or lock icon as you pointed out only encrypts data in a streaming manner (eg. when I click the submit button my username / password combination gets passed to the SSL protocol and wrapped in a layer of encryption to be decoded on the server). If you are storing data in a text file / database that would be a "yes" answer to the 4 quesitons listed above I would recommend using some sort of public / private key encrytion. PHP has several encryption functions for your use and links are listed below. When in doubt consult the manual at php.net. http://us4.php.net/manual/en/function.base64-encode.php http://us4.php.net/manual/en/function.base64-decode.php http://us4.php.net/manual/en/function.crypt.php http://us4.php.net/manual/en/ref.mcrypt.php Also a great recommendation... google.com is your friend you can find all sorts of good tips locating information on various encryption techniques and definitions. A great primer on public / private encrytion vs. one-way encryption can be found here... http://www.webopedia.com/TERM/e/encryption.html This site gives you basics of encryption and how it works. http://computer.howstuffworks.com/encryption.htm SSL information can be found here. http://www.webopedia.com/TERM/S/SSL.html Hope this helps Jas Chris Mach wrote: Greetings, I'm working on a project that involves a password protected area of a website. Some one also involved brought up the point that this area should be secure (Whit the lock icon indicating it is encrypted). In this particular project the password protected area will be a quote generating system for a company. Users would log in and choose the products they are interested in purchasing and the site would generate a quote depending on what they selected from the list of products. So my question is.. At what point is encryption necessary? I've always thought encryption was only needed when dealing with stuff like credit card information, am I wrong? How secure is a password protected page done with just PHP? Thanks Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Password storage system
Thanks, but I guess I forgot to mention it should be web-interface... http://passwordms.sourceforge.net/index.php For anyone wanting to look. > -Original Message- > Try PMS: Password Management System. I believe it can be found on > sourceforge. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Password storage system
> "Daevid Vincent" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > I'm in search of an 'enterprise level' password storage system. Try PMS: Password Management System. I believe it can be found on sourceforge. hth, chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password storage system
(This is a bit off topic, but I though might be helpful to some developers, it deals more with security concepts than PHP per se) I may be going out on a limb here, but I doubt you'll find something in the GPL/open source domain. we've built our own and pretty much does what you've described (used to work for a bank I did) If I could help to put you on the right track in terms of design, what you'll need is not just a password system, sounds like you want a authority system, with groups & roles. You really want to design a system that relies on resource "objects" for authentication and authorisation. Also to complete the security jargon, encryption and non-repudiation (mostly means logging & auditing) If you want to look at something that W3C is working on, try SAML, the security assertion markup lang... but it's in draft last time I looked, and that deals with authority and authentication. and it's all markup-ish and xml-ish of course ;-) There should be some tools based on SAML out there, I haven't looked, possibly not in PHP though. Back to building it: Think of authentication not only as a passwords, there's PIN authentication, there's token authentication, (one use tokens or multi-use tokens) and also digital certs, smart cards, RPGs (random password/pin gens ala SafeWord), etc (ie, password types) Then you need to ask, can a user with the right password access this resource? Does he need a password AND a cert? Does this bank account need two authorisers to sign off before you allow the money transfer? Of course one way crypt passwords are a must, but that's so simple it's a given. The above are just some things to think about before you embark on you quest to find the solution :) And it really depends what you want to do and how robust your solution needs to be. I can give you a few pointers if you want to take the discussion offline and email me. "Daevid Vincent" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I'm in search of an 'enterprise level' password storage system. I have looked at phpMyPass and it looks promising, but the demo doesn't seem to have everything I want. http://freshmeat.net/releases/127316/ While this one says v2.0 http://www.phpmypass.paniris.com/ Says 1.0 ?? I need it to be multiuser, have different security levels/access, encrypt and decrypt on the fly (phpmypass has all the passwords in the rendered HTML page :-( ), grouping of passwords (i.e. 'internal servers', websites, banks, clients sites, personal, etc). Ideally it should use mod_auth_mysql for security. The storage should be encrypted so that even root can't see the passwords in the database without the decryption key. Perhaps use a strong crypto algorithm for the important fields, not just the pw. I'd like to store: common name, url, username, pw, notes, incept date, last mod date at least. I could build this myself, or I could take phpMyPass and run with it, but I thought I'd see if there were anything else out there before I build this. http://daevid.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password generator
Hello, On 06/17/2003 06:45 AM, Davy Obdam wrote: I have to make a password generator, but i have a little problem. You may also want to try any of these classes: http://www.phpclasses.org/password%20generation -- Regards, Manuel Lemos Free ready to use OOP components written in PHP http://www.phpclasses.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password generator
Here's a little function that could help you...
It uses the ASCII table to generate the characters and it still needs to be
customized for any length
and to deny the use of the special characters...
Don't forget to set the mt seed!
function generatePassword() {
$passwd = "";
while(strlen($passwd)<10) {
switch(mt_rand(1,4)) {
case 1:
$tmp = chr(mt_rand(33,46));
if ($tmp!="'" && $tmp!="\"") {
$passwd .= $tmp;
}
break;
case 2:
$passwd .= chr(mt_rand(48,57));
break;
case 3:
$passwd .= chr(mt_rand(65,90));
break;
case 4:
$passwd .= chr(mt_rand(97,122));
break;
}
}
return $passwd;
}
"Davy Obdam" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi people,
>
> I have to make a password generator, but i have a little problem.
>
> - It needs to generate password 8 characters long, and including 1 or 2
> special characters(like #$%&*@).
> - Those special characters can never appear as the first or last
> character in the string... anywhere between is fine.
>
> I have a password generator script now that does the first thing... but
> the special character can be in front or back of the string wich it
> shouldnt.. i have been looking on the web for this but i havent found
> the answer. Below is my scripts so far..
>
> Any help is appreciated, thanks for your time,
>
> Best regards,
>
> Davy Obdam
>
> --
--
>
> // A function to generate random alphanumeric passwords in PHP
> // It expects to be passed a desired password length, but it
> // none is passed the default is set to 8 (you can change this)
> function generate_password($length = 8) {
>
> // This variable contains the list of allowable characters
> // for the password. Note that the number 0 and the letter
> // 'O' have been removed to avoid confusion between the two.
> // The same is true of 'I' and 1
> $allowable_characters =
"abcdefghefghijklmnopqrstuvwxyz0123456789%#*&";
>
> // We see how many characters are in the allowable list
> $ps_len = strlen($allowable_characters);
>
> // Seed the random number generator with the microtime stamp
> // (current UNIX timestamp, but in microseconds)
> mt_srand((double)microtime()*100);
>
> // Declare the password as a blank string.
> $pass = "";
>
> // Loop the number of times specified by $length
> for($i = 0; $i < $length; $i++) {
>
> // Each iteration, pick a random character from the
> // allowable string and append it to the password.
> $pass .= $allowable_characters[mt_rand(0,$ps_len-1)];
>
> }
>
> // Retun the password we've selected
> return $pass;
> }
>
> $password = generate_password();
> echo $password;
>
> ?>
>
> --
> ---
> Davy Obdam
> Web application developer
>
> Networking4all
> email: [EMAIL PROTECTED]
> email: [EMAIL PROTECTED]
> internet: http://www.networking4all.com
> ---
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PASSWORD()
I asked a similar question the other day, I was told to use the password
function on the field name, not the value, i havent tested this and its a
weird way to do things, and why cant both work? (if any)
"Mike Tsapenko" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello, Victor.
>
> Your queries seem to be OK. The second one has typo: after should be
single
> quot.
> Anyway this is a problem with MySQL but not with PHP.
>
> --
>
> Mike Tsapenko
> Chief of Web-development Dept.
> AlarIT
> http://www.AlarIT.com
>
>
> "Victor" <[EMAIL PROTECTED]> ???/ ? ?:
> 000101c24f92$e7e80fc0$a3a96518@jumpy">news:000101c24f92$e7e80fc0$a3a96518@jumpy...
> > Is PASSWORD() still usable? I used it in my scripts a while ago to
> > encrypt and decript password strings that I stored into databases, but
> > from some time all my scripts don't work (the login part) because I
> > cannot do a mysql query like so:
> >
> > $sql = "SELECT * FROM users WHERE username = '$PHP_AUTH_USER' AND
> > password = PASSWORD('$PHP_AUTH_PW')";
> >
> > or:
> >
> > $sql = "SELECT * FROM users WHERE username = '$username AND password =
> > PASSWORD('$password')";
> >
> > is this wrong?
> >
> > Or am I just hallucinating?
> >
> > - vic
> >
> > __
> > Post your free ad now! http://personals.yahoo.ca
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PASSWORD()
Hello, Victor.
Your queries seem to be OK. The second one has typo: after should be single
quot.
Anyway this is a problem with MySQL but not with PHP.
--
Mike Tsapenko
Chief of Web-development Dept.
AlarIT
http://www.AlarIT.com
"Victor" <[EMAIL PROTECTED]> ???/ ? ?:
000101c24f92$e7e80fc0$a3a96518@jumpy">news:000101c24f92$e7e80fc0$a3a96518@jumpy...
> Is PASSWORD() still usable? I used it in my scripts a while ago to
> encrypt and decript password strings that I stored into databases, but
> from some time all my scripts don't work (the login part) because I
> cannot do a mysql query like so:
>
> $sql = "SELECT * FROM users WHERE username = '$PHP_AUTH_USER' AND
> password = PASSWORD('$PHP_AUTH_PW')";
>
> or:
>
> $sql = "SELECT * FROM users WHERE username = '$username AND password =
> PASSWORD('$password')";
>
> is this wrong?
>
> Or am I just hallucinating?
>
> - vic
>
> __
> Post your free ad now! http://personals.yahoo.ca
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Password in script
The password code will be parsed out by PHP, so, it won't be viewable in the HTML source delivered to the browser. Some advice: set up a user for your database that has the minimal amount of access necessary to perform queries or writing to the database and use that in your scripts. Don't ever use your master MySQL username and password. Monty > From: [EMAIL PROTECTED] (Sailom) > Newsgroups: php.general > Date: Fri, 19 Jul 2002 10:03:02 +0700 > To: [EMAIL PROTECTED] > Subject: Password in script > > I am new to PHP and MySQL and never have experience in this area. I am > writing a PHP script that connects to MySQL server. I have to put a > password of MySQL into the PHP script. I think it may not be secured. What > do you think? How can I make it more secure? Thanks. > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: password=password('$password') <----- ? help me... :P
Try this:
$query = "SELECT username,password FROM users WHERE
username=\"".$username."\"
AND
password=\"".password($password)."\"";
MySQL needs all string data wrapped in quotes. Maybe the backslashes are a
bit confusing at first, but its worth taking the time to understand them.
Robert V. Zwink
http://www.zwink.net/daid.php
-Original Message-
From: LaserJetter [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 19, 2002 3:43 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: password=password('$password') <- ? help me... :P
Forget that last post - sorry!!!
Instead of using password('$password') in the query string, I would insert a
line before connecting to the DB:
$newpass = password($password)<-- dont need quotes round here
then
$query = "SELECT username,password FROM users WHERE username=$username AND
password=$newpass";
As $username and $newpass are already inside double quotes you dont need to
put them in again!!
LJ
"Hawk" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've been trying to get this to work for a while, and everyone says that I
> should use the same thing, but it doesn't work, can anyone tell me what
I'm
> doing wrong?
> from the form on the previous page I have the $username and $password vars
>
> mysql_connect($host, $user, $pswd);
> mysql_select_db($db);
> $query = "SELECT username,password FROM users WHERE username='$username'
AND
> password=password('$password')";
> $result = mysql_query($query);
> $num = mysql_num_rows($result);
>
> the $query line is made up from what everyone has told me to write..
> I tried to add a list($usarname, $pessword) = mysql_fetch_row($result);
> and it returned "" .. but when I removed the "AND
> password=password('$password')" part the list showed the username and the
> password in encrypted form
> I don't know how this could help me in any way, but atleast it shows I
have
> an encrypted password, but the problem is that the line everyone uses
> doesn't work.. maybe I need to change some setting in mysql och php.ini or
> something? anyone have any idea?
> I know I've asked this several times but it doesn't seem like I'm
understood
> with my problem. Hope I will be now.
>
> Hawk
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: password=password('$password') <----- ? help me... :P
Forget that last post - sorry!!!
Instead of using password('$password') in the query string, I would insert a
line before connecting to the DB:
$newpass = password($password)<-- dont need quotes round here
then
$query = "SELECT username,password FROM users WHERE username=$username AND
password=$newpass";
As $username and $newpass are already inside double quotes you dont need to
put them in again!!
LJ
"Hawk" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've been trying to get this to work for a while, and everyone says that I
> should use the same thing, but it doesn't work, can anyone tell me what
I'm
> doing wrong?
> from the form on the previous page I have the $username and $password vars
>
> mysql_connect($host, $user, $pswd);
> mysql_select_db($db);
> $query = "SELECT username,password FROM users WHERE username='$username'
AND
> password=password('$password')";
> $result = mysql_query($query);
> $num = mysql_num_rows($result);
>
> the $query line is made up from what everyone has told me to write..
> I tried to add a list($usarname, $pessword) = mysql_fetch_row($result);
> and it returned "" .. but when I removed the "AND
> password=password('$password')" part the list showed the username and the
> password in encrypted form
> I don't know how this could help me in any way, but atleast it shows I
have
> an encrypted password, but the problem is that the line everyone uses
> doesn't work.. maybe I need to change some setting in mysql och php.ini or
> something? anyone have any idea?
> I know I've asked this several times but it doesn't seem like I'm
understood
> with my problem. Hope I will be now.
>
> Hawk
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: password=password('$password') <----- ? help me... :P
Try changing all the single quotes to double quotes (' to "). As far as I
know, PHP only expands the contents of the variable if it inside double
quotes, otherwise it reads it as $variable
LJ
"Hawk" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've been trying to get this to work for a while, and everyone says that I
> should use the same thing, but it doesn't work, can anyone tell me what
I'm
> doing wrong?
> from the form on the previous page I have the $username and $password vars
>
> mysql_connect($host, $user, $pswd);
> mysql_select_db($db);
> $query = "SELECT username,password FROM users WHERE username='$username'
AND
> password=password('$password')";
> $result = mysql_query($query);
> $num = mysql_num_rows($result);
>
> the $query line is made up from what everyone has told me to write..
> I tried to add a list($usarname, $pessword) = mysql_fetch_row($result);
> and it returned "" .. but when I removed the "AND
> password=password('$password')" part the list showed the username and the
> password in encrypted form
> I don't know how this could help me in any way, but atleast it shows I
have
> an encrypted password, but the problem is that the line everyone uses
> doesn't work.. maybe I need to change some setting in mysql och php.ini or
> something? anyone have any idea?
> I know I've asked this several times but it doesn't seem like I'm
understood
> with my problem. Hope I will be now.
>
> Hawk
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: password why?
I didn't look very well at your script,
but it seems that you're calling mysql_numrows() instead of mysql_num_rows()
"Gary" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello Everybody,
> I have a script that checks if the password and password confirm are the
> same on a sign up page. It seems that if the password is already in the
> db it prints out passwords do not match like the password and confirm do
> not match. Why?
>
>
> //check if passwords match
>
> if ($password != $pass_check) {
> echo "Password's don't match!Please use your back
> button and fix the error";
>
> } else {
>
> // Connect To The Database
>
> $db = mysql_connect("localhost","user","password") or die ("couldn't
> connect to server");
>
> mysql_select_db("dbname",$db) or die ("couldn't select database");
>
> //Find Out If They Are Already In The System
>
>$sql = "SELECT name,email FROM tablename WHERE
> name='$name' OR email='$email'";
> $result=mysql_query($sql);
> $num=mysql_numrows($result);
> if ($num > 0)
> echo "Your Username is already taken.Please
> use your back button and choose another";
> else {
>
> more code
>
> TIA
> Gary
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
