MySQL Password Query Error

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • rca
    Junior Member
    • Mar 2004
    • 5
    #1

    MySQL Password Query Error

    I have a pretty basic login script on a couple of websites that does some basic page protection. I store a name and password in a MySQL database, using the PHP PASSWORD function to get hash the password and match it in my MySQL query. This worked until today, probably after the upgrade.

    Query is basically:

    SELECT * FROM user WHERE username = '$uid' AND password = PASSWORD('$pwd')

    I ran the query in PhpMyAdmin and did not get a match either. Anybody know if something changed in PHP or MySQL for the PASSWORD hash?

    Oh yea, I'm on Cpanel 32.

    Thanks.

    rca
    Tags: None
    • ChrisTech
      Senior Member
      • Mar 2004
      • 530
      #2
      Just recently a few updates were performed.

      cPanel/WHM
      cPanel Pro (Boxtrapper, file leech protector, image manager)
      MySQL 4.1.3
      PHP 4.4.0
      Via annoucements thread
      Software Upgrades Begin - Dathorn Community Forums
      http://forums.dathorn.com/showthread.php?p=10908
      Within the next few hours we will begin upgrading the software listed below on cpanel04. This will serve as our "live" test server. Thus far on our other test servers we've not experienced any problems with this process. There may be 30 minutes or so of downtime during this due to the recompiling that is necessary for


      Might also want to subscribe to that forum, as it gives all of the updates for Dathorn.
      Here's the "how to" on how to subscribe
      How to subscribe to the Announcements Forum - Dathorn Community Forums
      http://forums.dathorn.com/showthread.php?t=1699
      These are instructions for how to subscribe to the Announcements forum. You should subscribe this way you know instantly of server and network issues. Also, this allows you to get in quickly on specials that are offered. All Dathorn clients should subscribe to this forum. Directions 1. Click on Forum Tools (upper right



      **edit I was too quick to reply and didn't read it fully.
      Hosting at Dathorn since March 2003!

      My Interwebs speed on Charter Cable!

        Comment

        • Buddha
          Senior Member
          • Mar 2004
          • 825
          #3
          PASSWORD() function shouldn't be used, it's for MySQL internal use. Use MD5() instead.
          "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

            Comment

            • rca
              Junior Member
              • Mar 2004
              • 5
              #4
              OK,

              I am subscribed to the update forum so I knew upgrades had been done, I just didn't know what had changed that was causing me a problem, but I figured it out.

              The newer version of MySQL changed the PASSWORD hash and the field it generates is now bigger. It used to generate a 16 byte hash and now it is 41 bytes. My password field in my databases was only 16 bytes long, so when I regenerated the passwords it could not fit all the hash in the field and when I tried to match it did not work.

              Solution was to change the length of my password field in my database to 41 bytes and regenerate the passwords. This appears to have solved my problem.

              rca

                Comment

                • Buddha
                  Senior Member
                  • Mar 2004
                  • 825
                  #5
                  Originally posted by rca
                  Solution was to change the length of my password field in my database to 41 bytes and regenerate the passwords. This appears to have solved my problem.
                  Till the next MySQL update anyway.
                  "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

                    Comment

                    • rca
                      Junior Member
                      • Mar 2004
                      • 5
                      #6
                      Originally posted by Buddha
                      Till the next MySQL update anyway.


                      Exactly!

                        Comment

                        • -Oz-
                          Senior Member
                          • Mar 2004
                          • 545
                          #7
                          wow, things like that are friggin annoying.
                          Dan Blomberg

                            Comment

                            • ZYV
                              Senior Member
                              • Sep 2005
                              • 315
                              #8
                              Try OLD_PASSWORD instead since the password hashing changed in 4.1 since 4.0... HTH.

                                Comment

                                • Ian
                                  Member
                                  • Mar 2004
                                  • 64
                                  #9
                                  This message saved me. Thanks, my login script is working again.

                                  Easier to alter the table then to use OLD_PASSWORD imo, but good to know both.
                                  www.ianhoar.com - A place to geek out

                                    Comment

                                    Previous template Next
                                    Working...