RE: [PHP] username and password auth
[snip] What is the best or right way to compare users name and password given in a web form to data in mysql database? I saw one example where sql SELECT query was made with username and password as WHERE and the script tested how many rows was returned from database if there was 1 row returned the login was accepted. Is there other ways to do this? What if the usertable has more than these 2 columns. [/snip] How familiar are you with database usage and SQL? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] username and password auth
William Stokes wrote: What is the best or right way to compare users name and password given in a web form to data in mysql database? It's kind of a Good Idea to store the password encrypted using MySQL's md5() function or other similar functions. In the old days, you'd use their password() function so you still see that a lot, but it's deprecated, as they want to be able to change the guts under-pinning their password() function that they use internally, since various encryption algorithms become obsolete. The point being that if somebody breaks into the database, they don't see any actual passwords, just a bunch of useless junk -- But *YOU* can call the md5() function on a password and compare the result to what's there. md5 and similar functions are what you call a one-way encryption -- There's no (easy) way to take the output and go backwards to the input. I saw one example where sql SELECT query was made with username and password as WHERE and the script tested how many rows was returned from database if there was 1 row returned the login was accepted. Is there other ways to do this? What if the usertable has more than these 2 columns. You don't care about the number of COLUMNS. If you have two *ROWS* with the same username, then you have the same user in there twice, which is BAD or two people using the same username which is REAL BAD. Don't do that. :-) So what you saw was fine, but it would be better to use an encryption function on the password as well. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] USERNAME
Not that I have ever used HyperWave, but a 3 second glimpse at the manual would seem to indicate that you get a HyperWave connect by calling hw_connect(). -Rasmus On 7 Dec 2001, Chamarty Prasanna Kumar wrote: Hi All, Want to know the usage of hw_getusername(int connection); function specifically, what connection refers to !! Thanks in advance, Kumar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re:[PHP] USERNAME
Hi Rasmas and All, Thanks very much for the reply, Rasmas. To use Hyperwave functions does I need to download software and install it or it will work with php intallation. Or is there any way to find the login username from the web page using php and that login authentication is being done by the apache server.ie., we are using password protecting directory by apache. Thanks in advance, Kumar. On Fri, 07 Dec 2001 Rasmus Lerdorf wrote : Not that I have ever used HyperWave, but a 3 second glimpse at the manual would seem to indicate that you get a HyperWave connect by calling hw_connect(). -Rasmus On 7 Dec 2001, Chamarty Prasanna Kumar wrote: Hi All, Want to know the usage of hw_getusername(int connection); function specifically, what connection refers to !! Thanks in advance, Kumar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] php.net For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] p.net For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re:[PHP] USERNAME
To use the HyperWave functions you need to download and install HyperWave, whatever it is. And your second question has nothing to do with HyperWave. Simply check $REMOTE_USER. phpinfo() would have shown you this. -Rasmus On 7 Dec 2001, Chamarty Prasanna Kumar wrote: Hi Rasmas and All, Thanks very much for the reply, Rasmas. To use Hyperwave functions does I need to download software and install it or it will work with php intallation. Or is there any way to find the login username from the web page using php and that login authentication is being done by the apache server.ie., we are using password protecting directory by apache. Thanks in advance, Kumar. On Fri, 07 Dec 2001 Rasmus Lerdorf wrote : Not that I have ever used HyperWave, but a 3 second glimpse at the manual would seem to indicate that you get a HyperWave connect by calling hw_connect(). -Rasmus On 7 Dec 2001, Chamarty Prasanna Kumar wrote: Hi All, Want to know the usage of hw_getusername(int connection); function specifically, what connection refers to !! Thanks in advance, Kumar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] php.net For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] p.net For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: Re:[PHP] USERNAME
If you simply want to find out the username of someone who has logged in using apache htaccess authentication, that information is contained in the global variable $PHP_AUTH_USER Fred Chamarty Prasanna Kumar [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Rasmas and All, Thanks very much for the reply, Rasmas. To use Hyperwave functions does I need to download software and install it or it will work with php intallation. Or is there any way to find the login username from the web page using php and that login authentication is being done by the apache server.ie., we are using password protecting directory by apache. Thanks in advance, Kumar. On Fri, 07 Dec 2001 Rasmus Lerdorf wrote : Not that I have ever used HyperWave, but a 3 second glimpse at the manual would seem to indicate that you get a HyperWave connect by calling hw_connect(). -Rasmus On 7 Dec 2001, Chamarty Prasanna Kumar wrote: Hi All, Want to know the usage of hw_getusername(int connection); function specifically, what connection refers to !! Thanks in advance, Kumar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] php.net For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] p.net For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]