0

Hello anybody! I have some idea and I don’t know if it will work.
I am planning to make a user management system using the mysql database but the problem is I don't know where to start because in MySQL database the password is encrypted with password() function and it returns with encrypted string. And I don't have any idea how to compare the query result from mysql password and the password submitted by user.

Any idea.

Edited by NetHead21: n/a

4
Contributors
6
Replies
8
Views
6 Years
Discussion Span
Last Post by MooGeek
1

Hello anybody! I have some idea and I don’t know if it will work.
I am planning to make a user management system using the mysql database but the problem is I don't know where to start because in MySQL database the password is encrypted with password() function and it returns with encrypted string. And I don't have any idea how to compare the query result from mysql password and the password submitted by user.

Any idea.

Hi NetHead21.

There are a few way's you could do it. You could do it from a variable or directly in your SQL select query.

//MySQL Query.
$sql="SELECT * FROM user_tbl where user_pwd=PASSWORD('user_secret')";

or

Variable way.

$pass=$_POST['password']; // retrieves password from a post.
$pass=PASSWORD('$pass');

Hope this helps.

Regards

Edited by LRNPHP: n/a

0

The basics of a user system involves three main parts.

  1. Registration - The user provides details such as desired username, password, and email. Some verification should be done to make sure that the user names and emails are unique to that user. If they are, insert this information into a users table of your database. This table should include a unique ID, username, password (encrypted with the md5() function, a one way hash), email, and session id. As an extra layer of security and to prevent spam you can filter for valid emails and send email verifications to ensure users give you valid addresses.
  2. Authentication - The user provides login details such as username and password or email and password. The username/email should be checked against the database. If it does exist, run the given password through an md5 hash to verify that the passwords match. From here, store the unique user id and a random session id as cookies on the users browser. To validate login, check to see if the unique id stored in the cookie matches a record in the table along with the session id. You can regenerate the sessionid for maximum security.
  3. Management - Something as simple as PhpMyAdmin can be used for user administration. You can update, delete, and add users with little to no extra work. If you prefer a more targeted admin panel, you can add advanced options that includes all of the above and other features such as banning by IP, email, username.

    This is a basic outline of how to implement all of the basic features of a user system. If you need clarification on any of the items, feel free to ask.

    Good Luck!
    PhpMyCoder

0

Hello anybody! I have some idea and I don’t know if it will work.
I am planning to make a user management system using the mysql database but the problem is I don't know where to start because in MySQL database the password is encrypted with password() function and it returns with encrypted string. And I don't have any idea how to compare the query result from mysql password and the password submitted by user.

Any idea.

Hi NetHead21

//To make sure that the passwd is valid.

if(mysql_num_rows($sql) > 0){ //If value is not equal to 0.
        echo "User exists in DB"; //Here you can echo anything || forward to UMS home page.
}else{
       echo "Failed Unknown User"; //Return back to login page or just echo Message
}

You can use the above code to make sure that the user's password is the same as the password in DB.

Regards

Edited by LRNPHP: n/a

0

Well it would take a little more work than that if you wanted true security. Slightly advanced authorization should look something like this. You should also look into MD5 Salts.

<?php
mysql_connect($host, $user, $pass);
mysql_select_db($db);

//If id & session are set validate them
if(isset($_COOKIE['id']) && isset($_COOKIE['session']) {
    $result = mysql_query("SELECT * FROM users WHERE id='".mysql_real_escape_string($_COOKIE['id'])."' AND session='".mysql_real_escape_string($_COOKIE['session'])."'");
    //Go to login page if id or session is invalid
    if(mysql_num_rows($result) == 0) {
        header('Location: login.php');
        exit();
    }
    //Regenerate session id
    $session = md5(mt_rand());
    if(mysql_query("UPDATE users SET session='".$session."' WHERE id='".mysql_real_escape_string($_COOKIE['id'])."'")) {
        setcookie('session', $session);
    }
} else {
    //Otherwise send to the login page
    header('Location: login.php');
    exit();
}
?>

Edited by FlashCreations: n/a

0

Thank you very much for all the information guys I will try all your answer.

Edited by NetHead21: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.