I have a program that set's a database up with a PHP script. It automatically inserts a generic 'user' into a 'members' table. Each user has a password. In mysql I have used the 'PASSWORD('someString')' function to encrypt each users password. When authenticating a user for system use, I use the same function to compare encrypted password. How is this easiily achieved in Postgresql? (as there is no 'PASSWORD' function) Below is the table structure (simplified for this example) CREATE TABLE users ( userid serial (auto_increment if using mysql), name varchar(100), password varchar(200), PRIMARY KEY(userid, name) ); Here is what I would do with MySQL to set up the default user: INSERT INTO users (name, password) VALUES ('john citizen', PASSWORD('someString')); Is there any way to replicate this with PostgreSQL or a better way to authenticate users with both databases (md5 or similar) ???? I'd rather keep the encryption/and or md5 logic out of the scripts and in the database if possible. (unless there is a reason not to..) -----Original Message----- From: pgsql-php-owner@xxxxxxxxxxxxxx [mailto:pgsql-php-owner@xxxxxxxxxxxxxx]On Behalf Of Matthew Horoschun Sent: Tuesday, 21 January 2003 9:10 AM To: David Busby Cc: pgsql-php@xxxxxxxxxxxxxx Subject: Re: [PHP] Creating md5 passwords in PHP for the PostgreSQL pg_shadow table Hi David, Thanks for the reply. Unfortunately, thats not quite the problem. I want to create passwords that will work in the pg_shadow table. So, I need them to be calculated in exactly the same way PostgreSQL does when you do a CREATE USER matthew WITH PASSWORD testing. For example, If I create a user in PostgreSQL called 'matthew' with password 'testing', I get pg_shadow entry with passwd: md5759af56ffaf865413f7a50b4fae20ea3 but, if I do a simple md5 of 'testing' like you've done below, I get: ae2b1fca515949e5d54fb22b8ed95575 As you can see, those don't match. Perhaps I'm missing something though? Cheers Matthew. On Tuesday, January 21, 2003, at 05:27 AM, David Busby wrote: > Matthew, > I just use something like > $pass = $_POST['pass']; > $e_pass = md5($passs); > Maybe not as secure as two md5s, but have you ever tried to > reverse one > md5 checksum? -- Matthew Horoschun Network Administrator CanPrint Communications Pty. Ltd. Mobile: 0417 282 378 Direct: (02) 6295 4544 Telephone: (02) 6295 4422 Facsimile: (02) 6295 4473 ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to majordomo@xxxxxxxxxxxxxx)