-
August 25th, 2003, 10:48 PM
#21
What error message did you recieve. It may have been telling you that you don not have authority to grant permissions, which shouldn't be needed on a phpmyadmin type database anyway. Thats really only if your loading the database on your own system. Usually when a database is generated from a hosting company, they set up all the user grant information for you.
If the table is in there, then you should be fine.
The password('password') function is an encryption that MySQL uses for passwords. If you look at the table created
select * from auth;
The first insert in the database is an example of not using the password('password') utility. If you look at the table, you will notice the password in plaintext.
The second insert should show where you inserted password('test123') as 6j9h576KHn86H4mk4 or some other variation of a hash. This just keeps passwords entered into the database secure.
Are you using the testuser login?
Try
login: user
pass: pass
Also try the other,
login: testuser
pass: test123
The databse structure is basically this. The First column is the UserID: If you notice, it is an auto-increment function, that will automatically increase its number by 1 anytime a new user is added to the databse. It is good to have a unique ID attached to all things in the database.
The second column is the username, third is the password, the fourth is the e-mail of the person, and the fifth and sixth are things I added to the system. By default, when someone registers, they are marked as admin no, and activated, no. This was something that was put in to limit access to admin scripts, (add remove user, activate user, etc etc). The activation thing is also in there because at one point I will require user to activate themselves via their email. This ensures that the e-mail provided is actually theirs.
Let me know if you have any more questions.
xmadd
-
August 26th, 2003, 12:03 AM
#22
Banned
Ok, i think i got most of it. I've narrowed the problem down to the "password('pass') thing, cause it works fine with the first example, but
with the fuction, it wont work unless you put the hash in. Here's what i entered into the SQL thing...
Code:
create table auth (
userid int unsigned not null auto_increment primary key,
username varchar(10) not null,
password varchar(30) not null,
email varchar(40) not null
);
insert into auth values
( '1', 'user', 'pass', 'test@planetmaddness.com');
insert into auth values
( '', 'admin', password('admin'), 'testuser@planetmaddness.com');
grant select, insert, update, delete
on auth.*
to tsr-corp
identified by 'password';
and i got this..
Code:
Error
SQL-query :
GRANT SELECT , INSERT , UPDATE , DELETE ON auth . * TO tsr - corpIDENTIFIED BY 'admin'
MySQL said:
#1064 - You have an error in your SQL syntax near '-corp
identified by 'password'' at line 3
but besides that, it seems to be working pretty well ^_^
-
August 26th, 2003, 12:58 AM
#23
Yeah, thats most likly because your using someone elses sql database and they don't want you messing with password and users to that database. They don't want you to be able to change any permissions on your database without them knowing. So all you have to do is take out that last part and just finish with the last insert statement.
Code:
create table auth (
userid int unsigned not null auto_increment primary key,
username varchar(10) not null,
password varchar(30) not null,
email varchar(40) not null
);
insert into auth values
( '1', 'user', 'pass', 'test@planetmaddness.com');
insert into auth values
( '', 'admin', password('admin'), 'testuser@planetmaddness.com');
Thats it...
If you look in the database you should notice that your password('admin') has be hashed in the actual database.
xmad
-
August 26th, 2003, 03:16 AM
#24
I just reread your last post again and noticed you said that the password('admin') was not working right. Are you inserting the password admin in correctly?
It should work fine. Check to make sure your script is right and is checking the databses pass by doing the query as
$query = 'select * from auth '
."where username='$userid' "
." and password=password('$password')";
the password=password('$password') part is the important part. Its querying the database by taking the seed, (admin) and passing it into a hash, and then comparing those hashes.
That would be the only reason I could think of for it not to be working properly. Make sure your table is named
auth
and that should be it.
Let me know what happens.
xmad
-
August 26th, 2003, 07:38 AM
#25
Junior Member
Please refer
Programming PHP by Rasmus Waldorf and Kevin Tatroe, chapter 12.
-
August 26th, 2003, 07:35 PM
#26
Banned
ok, i think i got it, well kinda, i think it was the creating a table part where it messed up, cause the password encyrt thing is working now, although the non-encrypted password doesn't work, but i dont think that should be a problem because i would probably encrypt them. I really appresiate all the help. I'll probably try to do an edit password and forgot password thing, but i'll email you if i have problems. Again, much thanks ^_^
-
March 31st, 2004, 04:05 PM
#27
Banned
this whole thread is really helpful! Cheers guys, i have obne question really though on the database stuff...i havent done that since I left school, are there any tutorials on setting up the databases from scratch for a newbie with a php login script in mind??
Thanks
Sco
-
March 31st, 2004, 04:24 PM
#28
I personally learned everything from the MySQL documentation. Its actually pretty good documentatin. here are some other sites that have tutorials on PHP/MySQL relationships (and database creation)
http://hotwired.lycos.com/webmonkey/...tutorial4.html
http://www.mysql.com/doc/en/Tutorial.html
http://www.freewebmasterhelp.com/tutorials/phpmysql/1
That should get you started. Let me know if you have any specific questions that arise.
xmaddness
Planet Maddness Industries
http://www.planetmaddness.com
-
April 7th, 2004, 11:04 AM
#29
Junior Member
General security
An idea similar to xmaddness's
Get it to only accept the a-z A-Z 0-9 characters for your user name and password that way you dont get any unwanted/ unknow characters and scripts doing dodgy things to your system.
DHabit
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|