On Thu, 23 Sep 1999, Alejandro Leonian wrote:
> INSERT INTO Users
> VALUES(´Bill´,´Gates´,PASSWORD(´666´));
> Now, i want to make a login script (am using perl) that checks whether the
> username Bill matches the password inputed by the user.But the user inputs
> his password UNencrypted..and the password in the database is ENcrypted!
> how am i suppose to make the comparison between the two? is there any
> UNencrypt password function or something similar?
> Should i keep the passwords plain text?
No.
> should i encrypt the password provided,insert it inside a temporal
> table,read from it and compare?
Given unencrypted user password passed from user to CGI script
as $password...
$sql = "select password(" . $dbh->quote($password) .
") as password";
$dbh->prepare($sql);
$dbh->execute($sql);
get result from query (single record - very fast) and compare it
to the entry from your user file.. You are comparing the encrypted
values on both sides of the condition.
================================================================
| Greg Patterson | EMAIL: gomer@stripped |
| | gomer@stripped |
| Linux: The choice of a | IRC: xed (Irc.OpenProjects.Net) |
| GNU generation! | WWW: http://www.linuxhelp.org/ |
================================================================
