Hello anybody! I have some idea and I don’t know if it will work.
I am planning to make a user management system using the mysql database but the problem is I don't know where to start because in MySQL database the password is encrypted with password() function and it returns with encrypted string. And I don't have any idea how to compare the query result from mysql password and the password submitted by user.
Any idea.
Hello anybody! I have some idea and I don’t know if it will work.
I am planning to make a user management system using the mysql database but the problem is I don't know where to start because in MySQL database the password is encrypted with password() function and it returns with encrypted string. And I don't have any idea how to compare the query result from mysql password and the password submitted by user.Any idea.
Hi NetHead21.
There are a few way's you could do it. You could do it from a variable or directly in your SQL select query.
//MySQL Query.
$sql="SELECT * FROM user_tbl where user_pwd=PASSWORD('user_secret')";or
Variable way.
$pass=$_POST['password']; // retrieves password from a post.
$pass=PASSWORD('$pass');Hope this helps.
Regards
The basics of a user system involves three main parts.
md5() function, a one way hash), email, and session id. As an extra layer of security and to prevent spam you can filter for valid emails and send email verifications to ensure users give you valid addresses.This is a basic outline of how to implement all of the basic features of a user system. If you need clarification on any of the items, feel free to ask.
Good Luck!
PhpMyCoder
Hello anybody! I have some idea and I don’t know if it will work.
I am planning to make a user management system using the mysql database but the problem is I don't know where to start because in MySQL database the password is encrypted with password() function and it returns with encrypted string. And I don't have any idea how to compare the query result from mysql password and the password submitted by user.Any idea.
Hi NetHead21
//To make sure that the passwd is valid.
if(mysql_num_rows($sql) > 0){ //If value is not equal to 0.
echo "User exists in DB"; //Here you can echo anything || forward to UMS home page.
}else{
echo "Failed Unknown User"; //Return back to login page or just echo Message
}You can use the above code to make sure that the user's password is the same as the password in DB.
Regards
Well it would take a little more work than that if you wanted true security. Slightly advanced authorization should look something like this. You should also look into MD5 Salts.
<?php
mysql_connect($host, $user, $pass);
mysql_select_db($db);
//If id & session are set validate them
if(isset($_COOKIE['id']) && isset($_COOKIE['session']) {
$result = mysql_query("SELECT * FROM users WHERE id='".mysql_real_escape_string($_COOKIE['id'])."' AND session='".mysql_real_escape_string($_COOKIE['session'])."'");
//Go to login page if id or session is invalid
if(mysql_num_rows($result) == 0) {
header('Location: login.php');
exit();
}
//Regenerate session id
$session = md5(mt_rand());
if(mysql_query("UPDATE users SET session='".$session."' WHERE id='".mysql_real_escape_string($_COOKIE['id'])."'")) {
setcookie('session', $session);
}
} else {
//Otherwise send to the login page
header('Location: login.php');
exit();
}
?>Thank you very much for all the information guys I will try all your answer.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.