Reputation:
To select the encrypted password from mysql
I need to select only the password from the table with the specific username entered through the log in form. I store the password in the encrypted form in the mysql table. So I need to compare the given password and stored password and have to print "logged in successfully". else password is incorrect. this is my code.Now I am getting the output as "1Resource id #4".can any one plz help...
mysql_select_db($dbName);
$user_name=$_POST['name'];
$pswd=$_POST['pswd'];
$res = mysql_query("select * from xxx where Name='$user_name'");
$row = mysql_num_rows($res);
echo $row;
$encpass=mysql_query("SELECT password FROM xxx WHERE Name = '$user_name'");
$result1= mysql_fetch_array($encpass);
echo $result1;
if($row>0)
{
//echo 'hi';
if(md5($pswd)==$result1)
{
echo 'hi';
echo "you have successfully signed in!!!";
//echo $name = $row['Name'];
//header("location:check.html");
}
}
else
echo "you are not a member";
Upvotes: 3
Views: 3533
Answers (3)
Reputation: 1497
You are printing the resultset as an array, you still have to traverse it.
Just change:
if(md5($pswd)==$result1)
To:
if(md5($pswd)==$result1[0])
Upvotes: 2
Reputation:
As well as telling you what slipbull said - "You are printing the resultset as an array, you still have to traverse it." - I'll also tell you that your code is currently VERY dangerous.
You are sticking the user's passed data straight into an SQL query. They can take over your database by doing that.
Instead, pass the parameter through mysql_real_escape_string() BEFORE doing anything with the data.
Fix this before you do ANYTHING else!!
Upvotes: 0
Reputation: 944320
You are over complicating this. You don't need to retrieve the passwords from the database. You just need to see if you can select a row which has the username and password that were submitted.
First - get the username and password from the user and get them in the form that matches however you have stored it.
$username = $_POST['name'];
$password = my_password_encryption_function( $_POST['pswd'] );
Second - set up your SQL. Use a prepared statement to protect against SQL injection attacks. Your current approach is unsafe and allows users to change the passwords of arbitary users (among other things).
$preparedStatement = $db->prepare('SELECT * FROM xxx WHERE Name = :name AND password = :password');
$preparedStatement->execute(array(':name' => $username, ':password' => $password));
$rows = $preparedStatement->fetchAll();
Third - just count the rows returned. If you get one result, the password matched. If you get zero results, the password didn't match.
Upvotes: 3
Related Questions
- MySQL: decrypt password
- MySQL ENCRYPT password but how to DECRYPT?
- Decryption of password encrypted using PASSWORD() function of mysql
- php login to mysql encrypted password
- Trying to retrieve password from database
- How to decrypt a password from database in php?
- Decrypt password in php
- How to get value of password from MySQL database using PHP
- Selecting the encrypted password from database in codeigniter
- How to decrypt password in mysql