Geek asks and answers

MySQL Check if the username and password in the database match

I have a form in which there is a text box with the name attribute username and another with a name attribute password. I also have a database with columns called user and skip. When my users subscribed, he added the username in the user column and the password in the column.

How can I make a MySQL query to check if the form provided the correct username and password, and then if it has a branch so that I can enter the code if it succeeds?

I really need code, this bit does not fit, I know it should be something like SELECT * FROM table WHERE username == $username AND..., but then I got stuck because I have an MD5 password in the database, and this first bit is probably wrong. Please help. :)

thank

+3
source share
3 answers

1.) Storing database passwords Use some kind of hash with salt, and then change the hash, obfuscate it, for example, add a clear value for each byte. Thus, your passwords are super protected from dictionary attacks and rainbow tables.

2.) To check if the password matches, create a hash for the user-entered password. Then query the database for the username and just check if the two password hashes are identical. If so, give the user an authentication token.

The request should look like this:

select hashedPassword from users where username=?

Then compare the password with the input.

Any other questions?

+7
source 
//set vars
$user = $_POST['user'];
$pass = md5($_POST['pass']);

if ($user&&$pass) 
{
//connect to db
$connect = mysql_connect("$server","$username","$password") or die("not connecting");
mysql_select_db("users") or die("no db :'(");
$query = mysql_query("SELECT * FROM $tablename WHERE username='$user'");

$numrows = mysql_num_rows($query);


if ($numrows!=0)
{
//while loop
  while ($row = mysql_fetch_assoc($query))
  {
    $dbusername = $row['username'];
    $dbpassword = $row['password'];
  }
  else
      die("incorrect username/password!");
}
else
  echo "user does not exist!";
} 
else
    die("please enter a username and password!");
+9
source

count count (*) count (UserName).

You can limit the entire search to one line using Limit 0.1

SELECT COUNT(UserName)
  FROM TableName
 WHERE UserName = 'User' AND
       Password = 'Pass'
 LIMIT 0, 1
+9
source

More articles:


All Articles