password checker

Re: password checker


On 5-Oct-2003, euv01657@studen t.euv-frankfurt-o.de (magda muskala) wrote:
[color=blue]
> hi,
> I have a little problem with the following part of my code.
> I use post method to get the password from the form [$first ].
> Because there is an encrypted password in mysql database, I check with
> $pass = mysql_query("Se lect password('$unen cryptedPass')") ;
> while($row = mysql_fetch_arr ay($unencrypted Pass))
> {
>
> $encryptedPassw = $row[0];
> }
> how the encrypted password looks like.
> Then I make a simple query:
> mysql_query("Se lect login, password from edv_verantwortl iche where
> login = '$login' AND password = '$encryptedPass w'") or
> die("authorizat ion failed");
> But it doesn' t seem to work. I could login every time.
>
> I have checked all values with echo method - they are correct...
> Could somebody help me, please.[/color]

You will only die if mysql encounters an error. Not finding any rows is not
an error. Also, you can do it all in one SELECT.

try:

$rs = mysql_query("se lect login,password from edv_verantwortl iche where
login=$login and password=passwo rd('$unencrypte dPass')") or die('mysql
error: ',mysql_error() );
if (mysql_numrows( $rs)==0)
{
echo 'Authorization Failed.';
exit();
}
// authorization OK
}

--
Tom Thackrey

tom (at) creative (dash) light (dot) com
do NOT send email to jamesbutler@wil lglen.net (it's reserved for spammers)