Login/password from database

This topic is locked

Login/password from database		7/25/2005 01:42:46
PHPRunner General questions
J johnww author I have tried to set up a login page with username/password from a table in the database. Login always failed when I typed the password for my username directly into the form on login.php. From the mysql command line, I did: select password from mytable where username=myusername; When I cut and pasted this text into the login.php form, login succeeded. The text stored in the database is not the same as my password en clair. Do you think that the password data was encoded (base_64?) before storage in the db so that I must add a decode line? Or is phprunner forgetting to encode the password accepted from the form in login.php?

Mark as Solved Mark as not solved

2 replies


	Sergey Kornilov admin 7/25/2005
	John, PHPRunner doesn't encode passwords and doesn't decode. How was your password stored in database ?


J	johnww author 7/28/2005
	After a little experimenting, I discovered that the passwords stored in the database were encyrpted with the mysql password() function. To make phprunner function, I edited login.php and changed $strSQL = "select from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField). "=".$strUsername." and ".AddFieldWrappers($cPasswordField). "=.$strPassword; to $strSQL = "select from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField). "=".$strUsername." and ".AddFieldWrappers($cPasswordField). "=PASSWORD(".$strPassword.")"; I am probably not the only trying to use passwords encrypted this way. It would be nice if phprunner had a checkbox where we could indicate if passwords are encrypted with mysql password() or not.

2 replies

Mark as Solved Reply