Comparing Passwords

Maiku

Do you have to do anyhting special to compare a MySQL stored password with one entered by a user?

For intsance, I have this:

<form action='login.php' method='POST'> Username: <br><input name='username' size='10'><br>Password:<br><input name='password' type='password' size='10'><br><input type='submit' value='Login'>

And to validate it I have this:

$result = mysql_query("SELECT Password FROM players WHERE User_Name='$HTTP_POST_VARS[username]'");
			if ($result == '$HTTP_POST_VARS[password]')
			{ . . . . .

It doesn't seem to work the way I think it should. Becuase I am a severe nebie at MySQL, it it probably totally wrong (but I hope I'm not that stupid). Thanks.

nnichols

Try something like this -

$sql = "SELECT COUNT(*) FROM players WHERE User_Name='" . $HTTP_POST_VARS['username'] . "' AND Password='" . $HTTP_POST_VARS['password'] . "'";
$result = mysql_query($sql)
    or die() 'MySQL error: ' . mysql_error() . '<br>Query: ' . $sql;

// you need to retrieve the data from the result set
// we know the query will only return 1 row so we don't need a loop
$row = mysql_fetch_row($result);

if ($row[0] == 1) {

// do logged in stuff

} else {

// you ain't a member stuff

}

Hope this helps

uniflare

To check a username/password in a simple way, then you could use "mysql_num_rows()", for further information see: http://www.php.net/mysql_num_rows

Here is a little snippet...

$query = 'SELECT * FROM `players` 
WHERE 1 AND
`User_Name`=\''.$_POST['username'].'\' AND
`Password`=\''.$_POST['password'].'\';';
$result = mysql_query($query);

if(mysql_num_rows($result) >= "1"){
     echo"Access Granted";
     // ACCESS GRANTED
}
else{
     echo"Access Denied";
     // ACCESS DENIED
}

That should work.... as long as your are connected to mysql using "mysql_connect()" and the database is selected using "mysql_select_db()"

(for more info see:
http://www.php.net/mysql_connect
http://www.php.net/mysql_select_db
http://www.php.net/mysql_num_rows
See these if you dont know how to use them or how they work...😉 )

Maiku

Thats what I was trying to accomplish, nnichols. However I missed the important part. Anyways, that worked. Thanks alot.

Maiku

Is there anything I should do to ensure that the passwords are secure when being transfered to and from the client?