Julian Camilleri

Reputation: 3105

MySQL and PHP - Password Compare

I'm using a stored procedure to check the username and password on login attempts. The passwords are stored using the password() function in MySQL.

The login works fine using the stored procedure. The problem is that I have a function that enables the user to change the password. How should I update it? As MD5 through PHP? Or should I build a new stored procedure?

Thanks :)

Upvotes: 0

Views: 80

Answers (1)

Bill Karwin

Reputation: 562368

You're not supposed to use the PASSWORD() function for your application-level passwords.

http://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html#function_password says:

Note
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA2() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.

If you use a standard cryptographic hash method like SHA2, you can perform the hashing in PHP, using the hash extension. Hashes calculated with the same algorithm in PHP are compatible with those calculated in MySQL.

Upvotes: 1
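
The change-password step the answer points to, with the hashing done in PHP's hash extension, as an added example that is not part of the original answer. The `users` table, its column names, and the in-memory SQLite connection standing in for the MySQL connection are assumptions made so the block runs offline.

```php
<?php
declare(strict_types=1);

// Hex SHA-256 digest: the same string MySQL returns for SHA2(?, 256).
function hashPassword(string $password): string
{
    return hash('sha256', $password);
}

// Check the current password, then store the hash of the new one.
function changePassword(PDO $db, string $user, string $current, string $new): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();

    // fetchColumn() yields false for an unknown user; hash_equals() compares
    // the two digests in constant time.
    if ($stored === false || !hash_equals((string) $stored, hashPassword($current))) {
        return false;
    }

    // Prepared statement: the hash is bound as a parameter, never concatenated.
    $upd = $db->prepare('UPDATE users SET password_hash = ? WHERE username = ?');
    $upd->execute([hashPassword($new), $user]);
    return true;
}

// Constructed sample data. SQLite in memory stands in for MySQL (assumption);
// the same prepared statements work unchanged with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash CHAR(64) NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['alice', hashPassword('old-secret')]);

// Published SHA-256 test vector for "abc", which is also what SHA2('abc', 256) gives in MySQL.
var_dump(hashPassword('abc') === 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad');

var_dump(changePassword($db, 'alice', 'wrong-guess', 'new-secret')); // wrong current password
var_dump(changePassword($db, 'alice', 'old-secret', 'new-secret'));  // correct current password
var_dump(changePassword($db, 'alice', 'old-secret', 'another'));     // old password reused after the change
```

A single unsalted SHA-256 is fast to brute-force offline; PHP's `password_hash()` and `password_verify()` are the functions built for password storage and fit the same select-compare-update flow.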
