blue_smartie Posted May 16, 2011 Share Posted May 16, 2011 Hello all, I a have been using PHP for about 6 months now, but I am having trouble working out why the following code doesn't work. I have this query which should put an encypted password into my database, but it just sends it in plain text. $query=("update user_security set password=password('" . $new_pass . "') where username = '" . $row['username'] . "'"); Here is the output from echoing the query update user_security set password=password('wddEejBDmDA') where username = 'douggy_1' When I look at the database all that in the password field is wddEejBDmDA but I would like it encrypted. I have spent hours trying to sort this any help would be greatly appreciated. Thanks (Not sure if I should have posted this in the MySQL section, sorry, new to all this.) Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2011 Share Posted May 16, 2011 Its likely that you are either not executing the query in your code or the query produces an error and doesn't run. What is your whole code. Also, you should NOT use the mysql password() function to do this - The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. And, if you are doing this for all the rows in your table, you don't need any php code to retrieve and loop through all the usernames. You can use ONE single UPDATE query to update all the rows at once. An update query without a WHERE clause will operate on all the rows in your table at once. Quote Link to comment Share on other sites More sharing options...
blue_smartie Posted May 16, 2011 Author Share Posted May 16, 2011 Hi thanks for the reply, here is the code. The query must execute as the database is updated, its just the password is in plain text. I'm really new to the world of computer programming, so I should be using the md5() function then? <?php session_start(); include ("registration_functions.php"); db_connect(); //declare variables $query = ("select * from user_details where email = '" . $_POST['security2'] . "'"); $result = mysql_query($query); $row = mysql_fetch_array($result); echo $query; echo "<br />"; $query=("select * from user_security where username = '" . $row['username'] . "'"); $result=mysql_query($query); echo $query; echo "<br />"; $row = mysql_fetch_array($result); if ($row['security_answer']==$_POST['security1']){ $query=("insert into previous_passwords (username, old_passwords) values ( '" . $row['username'] . "','" . $row['password'] . "')"); $result=mysql_query($query); echo "<br />"; echo $query; $new_pass=password_generator(); $query=("update user_security set password=password('" . $new_pass . "') where username = '" . $row['username'] . "'"); $result=mysql_query($query); echo "<br />"; echo $query; $to = $_POST['security2']; $subject = "Temporary password request"; $body = "Your password has been reset, here is your new temporary password ". $new_pass; if (mail($to, $subject, $body)) { $content=$to . "--" . $subject . "--" . $body; $query=("insert into emails (username, email_address, subject, content) values ('" . $_POST['username'] . "','" . $to . "','" . $subject . "','" . $body . "')"); $result=mysql_query($query); echo("<p>A new temporary password has been sent to " . $_POST['security2'] . "</p>"); } } else echo "error"; ?> Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2011 Share Posted May 16, 2011 There's no way the posted update query is putting the $new_pass value into the table. Either that's not your actual code that is being executed on your server or you have some other code on the page that is doing set password='$new_pass' Are you sure you saved the code you posted to the server? Quote Link to comment Share on other sites More sharing options...
blue_smartie Posted May 16, 2011 Author Share Posted May 16, 2011 The only other code connected to this script is the functions page (to connect to my db and to generate the random passwords) and the page containing the form (purely a request for new password form). This is the whole script, each time I execute it, a new password is created and inserted into my database but in plain text. Sorry I hope that makes sense. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2011 Share Posted May 16, 2011 Are you sure you are looking in the correct table? Again, computers only do exactly what their code tells them to do. If you echoed the $query string and the value shown for $new_pass is what gets updated in the user_security table, either that's not the actual code or the values you are looking at are not actually the same between what was echoed and what is in the table or you are not looking in the correct table. Quote Link to comment Share on other sites More sharing options...
blue_smartie Posted May 16, 2011 Author Share Posted May 16, 2011 Hi, I've ran the script again and double checked everything and it now seems to be encrypting the password and inserting it into the database like I wanted despite the fact I have not made a single change. Really sorry to waste your time, your help was much appreciated. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2011 Share Posted May 16, 2011 Are you trying to do this on a shared hosting, live web server? Quote Link to comment Share on other sites More sharing options...
blue_smartie Posted May 16, 2011 Author Share Posted May 16, 2011 It's stored on a web server but its not accessible by the public. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.