how connect mysql with encrypted password?

Anon

I always encrypt my mysql user password when i create a new user! but problem produce when i use php mysql function "mysql_connect()" to connect to mysql server! the password i encrypted do not match the password store in mysql database, what can i do?

Anon

I`m not sure, but I think you have to use the "decrypt" command in your login.

I`m about to do the same thing in a site I am building and I have been thinking about how I should do this.

Of course, Im just a newbie, and havent acctually done this procedure before, but I`ve been reading a litle about it.

Anon

If you want to use encryption within MySQL here's the skinny. [encode and decode function]

inserting data:

This will encrypt 'user' according

to 'pass' and 'pass' according to 'user'

insert into table values(encode('user','pass'),encode('pass','user'));

############################################

verifying user and pass:

This will decode 'user' with

correct 'pass' and vice versa

select * from table where decode(user,'pass')='user_from_login_form' and decode(pass,'user')='pass_from_login_form'

############################################

Happy Coding }:-)

for more question send to procom3@pacbell.net

Anon

I know that we can use php encrypt function to encrypt and dencrypt password when we insert value/read value from mysql wiht php mysql function, but it sees that we must have our system installed the encrypt function. when it does not, what to do? I mean that use php mysql function to connect to mysql server.

werkerholic wrote:

If you want to use encryption within MySQL here's the skinny. [encode and decode function]

inserting data:

This will encrypt 'user' according

to 'pass' and 'pass' according to 'user'

insert into table values(encode('user','pass'),encode('pass','user'));

############################################

verifying user and pass:

This will decode 'user' with

correct 'pass' and vice versa

select * from table where decode(user,'pass')='user_from_login_form' and decode(pass,'user')='pass_from_login_form'

############################################

Happy Coding }:-)

for more question send to procom3@pacbell.net

Anon

The encode and decode functions I mentioned are built-in to MySQL.

Anon

How are you encrypting the password?

With the grant command, you should do something like this:

mysql> GRANT ALL PRIVILEGES ON . TO monty@localhost
IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

MySQL will handle the encryption of your password.

If you add users by using INSERT commands instead of GRANT, use the password() function to set your password.

mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('some_pass'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')

Either way, when you use mysql_connect, you don't have to worry about the encryption.

$link_id = mysql_connect("localhost","monty","some_pass");

---John Holmes...

Anon

Hi Werkerholic:
I encrypt my password with grant query on one hand, but I want to connect mysql server with php function but i do not want to write my password as bland char without encryption, and do not want to fill my password in the mysql database bland char. I think that php mysql_connect function auto-encrypts the password of a user when connect to the mysql dameon. I think i have to write an encryption php function, but it is not the good idea yet! Good idea of you?

Alan Fang here1
2000/10/31

John Holmes wrote:

How are you encrypting the password?

With the grant command, you should do something like this:

mysql> GRANT ALL PRIVILEGES ON . TO monty@localhost
IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

MySQL will handle the encryption of your password.

If you add users by using INSERT commands instead of GRANT, use the password() function to set your password.

mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('some_pass'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')

Either way, when you use mysql_connect, you don't have to worry about the encryption.

$link_id = mysql_connect("localhost","monty","some_pass");

---John Holmes...

Anon

Okay....

You don't have to worry about putting your password plain text in your .php file because no one will ever see it. Do you know how PHP works? The code is parsed on the server and ONLY HTML is sent to the browser, your code never leaves the server.

If you want some extra security, put all of your database connectivity stuff in a config.inc file and place it outside of your webroot. Then use

include("../includes/config.inc");

or something similar in your files where you need to connect to the database...

Please read the manuals, too...

---John Holmes...