This is what I have done:
if (IsSet($_POST['password']) && IsSet($_POST['username'])) {
connect_db();
$username = $_POST['username'];
$password = $_POST['password'];
if($phase==("login")) {
process_login();
} else if ($phase==("adduser")) {
add_user();
}
}
function connect_db() {
$dbHostName = "hostname";
$dbUserName = "name";
$dbPassword = "password";
$dbName = "database";
$link = mysql_connect($dbHostName, $dbUserName, $dbPassword) or die("Unable
to connect to host $dbHostName");
mysql_select_db($dbName) or die( "Unable to select database $dbName");
}
function process_login() {
global $username;
global $password;
//Check that the user exists in the db and if not, create an error page
$query = "SELECT user_id FROM users WHERE "
"username='$username'";
$result = mysql_query($query)
or die("Query failed at userid retrieval stage.");
//Logic concept: if the user_id doesn't exist, an empty string
// or "" will be returned with the $user_id call below.
// We can test this to see if the user has entered the username
// correctly
$num_rows = mysql_num_rows($result);
$row = mysql_fetch_array($result);
$user_id = $row[0];
// first test -- did the username exist
if ($user_id == "") {
print "some sort of error message about username";
} else {
//this means that there was 1 result from the query so that
// username exists in the database
//now have to verify password. Basically same code.
$query = "SELECT password FROM users WHERE username='$username'";
$result = mysql_query($query) or die("Query failed at userid retrieval
stage.");
//Encrypt the password the user entered since our
// database stores it in encrypted fashion and we need to
// compare it this way
$encryptedpassword = md5($password);
$row = mysql_fetch_array($result);
//grab the password from the row array, 0th element
// since only 1 column selected
// have to use a variable $passwordfromdb so we don't
// overwrite our $password variable from the form var
$passwordfromdb = $row[0];
if ($encryptedpassword == $passwordfromdb) {
$result = mysql_query("SELECT user_id FROM users WHERE
username='$username'");
while ($myrow = mysql_fetch_array($result)) {
$uid=($myrow["user_id"]);
}
} else {
//passwords didn't match so make an error page
print "some sort of error message about the password";
}
}
}
function add_user() {
$encryptedpassword = md5($password);
// insert user into users table
$sql = "INSERT INTO users (username,password)
VALUES ('$usernamename','$encryptedpassword')";
$result = mysql_query($sql) or print mysql_error();
}
-----Original Message-----
From: Shaun [mailto:shaun@mania.plus.com]
Sent: Wednesday, May 21, 2003 10:02 AM
To: php-db@lists.php.net
Subject: Encrypt database
Hi,
I would like to make my application a little more secure, I've heard you can
encrypt the passwords in a MySQL database, how can I do this?
Thanks for your help.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
