I always encrypt my mysql user password when i create a new user! but problem produce when i use php mysql function "mysql_connect()" to connect to mysql server! the password i encrypted do not match the password store in mysql database, what can i do?

    I`m not sure, but I think you have to use the "decrypt" command in your login.

    I`m about to do the same thing in a site I am building and I have been thinking about how I should do this.

    Of course, Im just a newbie, and havent acctually done this procedure before, but I`ve been reading a litle about it.

      If you want to use encryption within MySQL here's the skinny. [encode and decode function]

      inserting data:

      This will encrypt 'user' according

      to 'pass' and 'pass' according to 'user'

      insert into table values(encode('user','pass'),encode('pass','user'));

      ############################################

      verifying user and pass:

      This will decode 'user' with

      correct 'pass' and vice versa

      select * from table where decode(user,'pass')='user_from_login_form' and decode(pass,'user')='pass_from_login_form'

      ############################################

      Happy Coding }:-)

      for more question send to procom3@pacbell.net

        I know that we can use php encrypt function to encrypt and dencrypt password when we insert value/read value from mysql wiht php mysql function, but it sees that we must have our system installed the encrypt function. when it does not, what to do? I mean that use php mysql function to connect to mysql server.

        werkerholic wrote:

        If you want to use encryption within MySQL here's the skinny. [encode and decode function]

        inserting data:

        This will encrypt 'user' according

        to 'pass' and 'pass' according to 'user'

        insert into table values(encode('user','pass'),encode('pass','user'));

        ############################################

        verifying user and pass:

        This will decode 'user' with

        correct 'pass' and vice versa

        select * from table where decode(user,'pass')='user_from_login_form' and decode(pass,'user')='pass_from_login_form'

        ############################################

        Happy Coding }:-)

        for more question send to procom3@pacbell.net

          The encode and decode functions I mentioned are built-in to MySQL.

            How are you encrypting the password?

            With the grant command, you should do something like this:

            mysql> GRANT ALL PRIVILEGES ON . TO monty@localhost
            IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

            MySQL will handle the encryption of your password.

            If you add users by using INSERT commands instead of GRANT, use the password() function to set your password.

            mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('some_pass'),
            'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')

            Either way, when you use mysql_connect, you don't have to worry about the encryption.

            $link_id = mysql_connect("localhost","monty","some_pass");

            ---John Holmes...

              Hi Werkerholic:
              I encrypt my password with grant query on one hand, but I want to connect mysql server with php function but i do not want to write my password as bland char without encryption, and do not want to fill my password in the mysql database bland char. I think that php mysql_connect function auto-encrypts the password of a user when connect to the mysql dameon. I think i have to write an encryption php function, but it is not the good idea yet! Good idea of you?

              Alan Fang here1
              2000/10/31

              John Holmes wrote:

              How are you encrypting the password?

              With the grant command, you should do something like this:

              mysql> GRANT ALL PRIVILEGES ON . TO monty@localhost
              IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

              MySQL will handle the encryption of your password.

              If you add users by using INSERT commands instead of GRANT, use the password() function to set your password.

              mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('some_pass'),
              'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')

              Either way, when you use mysql_connect, you don't have to worry about the encryption.

              $link_id = mysql_connect("localhost","monty","some_pass");

              ---John Holmes...

                Okay....

                You don't have to worry about putting your password plain text in your .php file because no one will ever see it. Do you know how PHP works? The code is parsed on the server and ONLY HTML is sent to the browser, your code never leaves the server.

                If you want some extra security, put all of your database connectivity stuff in a config.inc file and place it outside of your webroot. Then use

                include("../includes/config.inc");

                or something similar in your files where you need to connect to the database...

                Please read the manuals, too...

                ---John Holmes...

                  Write a Reply...