crypt() compare to MySQL password(crypt)

Anon

I did search manuals and online (including here). Anyone can point me to how I can use a PHP-call to crypt an input so I can compare it with a password that was crypted in PHPMyAdmin using the MySQL "password" tag?
MySQL's "password(string)" and PHP's "crypt(string)" return different values. I have the code on a SSL-secured site, but want to ensure no "hacker" into my MySQL-table can easily access password-protected areas.Should be pretty simple, I just seem to miss the right search phrases ;-]

Anon

You'll have to do it with a query. If $word is what you want to check again 'field' in a database, then you'd use a query like this:

SELECT * FROM table WHERE field = PASSWORD('$word')

---John Holmes...

Anon

Hmmm... Doesn't do what I thought (making it easier for myself).
Seems I have to do a double select on that one, identifiing user by password in the select-string. Requires some major redesign on the website, as I so far worked with unencrypted password, which I checked on the return, providing different errors for password invalid, password missing or user invalid.

Anyone having an idea how to make this check as part of a PHP script instead of a SELECT, I appreciate it.

Anon

Crypt and MySQL password function use different encryption methods. I don't know of any php functions that do MySQL
encryption of passwords.

Why do you have to do two selects?
Why would making that change require a major rewrite?

Maybe you should consider a major rewrite, designing your application with flexibility and scalability in mind.

[deleted]

Never make PHP do something you should do in the datebase:

SELECT name,
CASE
WHEN password=password('$password')
THEN 1
ELSE 0
END AS goodpassword
FROM table
WHERE username = '$username';

This will return one record if the username exists, and the record will contain a field 'goodpassword' which is 1 if the password matches, and zero if not.