password() &amp; MySQL

password() & MySQL

rcoursey

WHere does the password() function go when using PHP & MySQL.

I tried to pass a variable $pass to the function but got an undefined function when running the script. I was trying to do this prior to running an INSERT query.

Can this be used in the script or only in an SQL query statement?

jeremuck

There is no password() function in PHP.

If you are referring to the database function, then you need to tell the database to execute the function when you query it. So this would inside the query string. To PHP this is just text.

rcoursey

This is what I suspected.
Is this the idea?

"INSERT INTO db password VALUES password($pass);"

tsinka

Hi,

I think there are two double quotes missing:

"INSERT INTO mysql.user VALUES password(\"$pass\");"

Since $pass is a string you need to put " around it. But that wouldn't work either because the table has more than one field and the password itself isn't sufficient.

Example:

"INSERT INTO mysql.user (Host,User,Password) VALUES (\"%\",\"myuser\",password(\"$pass\"));"

This user would then have no rights. To give a user all rights you can do something like:

$strSQL = <<< EOSQL
INSERT INTO mysql.user VALUES ("%","myuser",password("$pass"),
        "Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y")
EOSQL;

This might be a bad idea. The MySQL manual has an overview about the meaning of the different privileges.

You might want to insert a user without any rights into user and then give that user specific rigthts on one or more databases by inserting rows into the mysql.db table.

After that you must execute the query

FLUSH PRIVILEGES

to activate the changes.

Instead of inserting the rows manually you can also use a GRANT query to give certain users privileges.

rcoursey

Oops...

I was only using db as an example. I am not assigning rights. This is a small part of a user table for logins. I wanted to put encrypted passwords into the table. If I am going about this the wrong way let me know.

tsinka

Ah, ok,

I missunderstood that one.

You might use the md5 or mcrypt functions of php.

md5 encrypted password cannot be decrypted whereas passwords encrypted by mcrypt can be decrypted.

I'd suggest to use md5 and to encrypt the password provided by e.g. a form before comparing it with the (md5 encrypted) password stored in the table.

rcoursey

Is md5 encryption easy to use? Does it need special modules compiled...etc.

tsinka

Hi,

the md5 function is rather simple:

http://www.php.net/manual/en/function.md5.php

It has to be enabled but you might easily check if it works by creating a test script.