mysql password()

timothyr

I'm having difficulty with an authentication script that checks for the username/password compo and returns another field (ip) if there is a record with that combo in the db.

Here is the function:


function login($userid, $password) {
	$link_id = db_connect();
	if (!$link_id) return false;

$query = "SELECT ip from user where
			userid='$userid'
			and pass = password('$password')";


$result = mysql_query($query);

if (!$result) {
	echo "no result!";
	echo sql_error();
	echo "<br>$query";
	} ELSE {
		$ip = mysql_result($result, 0, 0);
		echo $ip;
	};
};

I seem to be having difficulty matching the password to the encrypted one in the database. When I pass valid combos, I still get "Can't jump to row 0". When I cripple the script and change the password in the database to be unencrypted, everything works fine. Is there something I should know about the password function in my query that could make it not match the password() encrypted in the db?

Thanks for any advice!

jburfield

This is a stupid question, but the passwords are going in to your database like this:

insert into xxxxx (pass) values(password('yourpass')); ??

Also, is the field in the database long enough to store the encrypted password? Perhaps it is cutting part of it off, so when you attempt to validate against it is actually does not match...

Just a thought.

-- Jason