Basically I just did a query to see if the user exists with the
encrypted password.
$res = $db->query("SELECT password FROM users where
username='$username' and password=password('$password') ");
$row = $db->fetchObject( $res );
$newPass = $row->{'password'};
if we get something back we authed, otherwise we didnt.
Good luck!
Thanks
Darren
On Thu, Aug 27, 2009 at 7:46 AM, Platonides<[email protected]> wrote:
> Happy-melon wrote:
>> "Darren Kemp" <[email protected]> wrote in message
>> news:[email protected]...
>>> I have solved this issue. Thanks to those who read and offered advice.
>>
>> Using the method Michael Daly suggested? I know for a fact that I'm going
>> to have to do this on a new project of mine in the next few weeks, it would
>> be nice to have an idea of how to proceed.
>>
>> --HM
>
> I wouldn't perform an extra query just to encode the password.
>
> MysqlAuthPlugin::authenticate($username, $password) {
> /**connect to mysql table */
> mysql_query("SELECT host FROM user WHERE user='$username' AND
> password=PASSWORD('$password')"); //Need to be mysql_escaped for any
> real use
>
> /* Iterate checking that at least one host matches the user one
> Or simply check that some row was returned, in which case
> you can add a LIMIT 1.
> */
> }
>
>
> _______________________________________________
> Wikitech-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
--
Darren Kemp - XGS
[email protected]
http://world.anarchy.com/~dkemp
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
