Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

input compare

by anniyan (Monk)
on Jul 11, 2005 at 06:54 UTC ( [id://473849]=perlquestion: print w/replies, xml ) Need Help??

anniyan has asked for the wisdom of the Perl Monks concerning the following question:

Monks, i have some problem in the following program.

I have databse named login and table test. I have two columns namely user and passwd(encrypted password using PASSWORD()).

What i want is to compare the password given by the user with the database. When i get the user name and password from the user through the form, i am not able to match the password using PASSWORD() function with the password in the database. This is the coding i tried. I am not able to fetch the data from the database if i used PASSWORD(), but if i removed the function, it is working properly.

The same coding is working in another system with PASSWORD(), am i missing something?

#!C:\perl\bin\perl #use strict; use CGI; use DBI; ############### cgi header part ############# $q = new CGI; print $q->header("text/html"); print $q->start_html(-title=>"details" -bgcolor =>"#FFEAA9"); ################ database handling ######### my $dbh = DBI->connect("DBI:mysql:login", {PrintError =>0, RaiseError +=>0}) ; #automatic error checking ##DBI->trace(2); # my $nam = $q->param('name'); my $pas = $q->param('pass'); my $data = qq(select * FROM test WHERE user='anniyan' and passwd = PAS +SWORD (?)); #print "$nam\t$pas\n"; my $sth = $dbh->prepare($data); $sth->execute($pas); while ((@ar) = $sth->fetchrow_array()) { print "@ar\n"; }

Regards,
Anniyan

Replies are listed 'Best First'.
Re: input compare
by polettix (Vicar) on Jul 11, 2005 at 07:51 UTC
    This probably has nothing to do with the real problem, but I noticed that you completely ignore the $nam variable, which could possibly contain the user name.
    I am not able to fetch the data from the database if i used PASSWORD(), but if i removed the function, it is working properly.
    Are you sure that your passwords are not stored in clear?!?

    Flavio
    perl -ple'$_=reverse' <<<ti.xittelop@oivalf

    Don't fool yourself.

      frodo72, just now i tested in mysql prompt by executing the select statement,it is not working in my system. But in my friend's system when i executed the same select command, it is working properly. He is also having the same version. I am spending last 4 hours to get rid off this problem, but i can't.

      Regards,
      Anniyan

        How I would proceed:
        SELECT CONCAT('[', passwd, ']') FROM test WHERE user='anniyan'
        This will show the password currently registered for user 'anniyan'. Note that I enclose the password field contents inside square brackets, just to see if there is any annoying char somewhere. If there is no such user, you've found the bug. Then:
        SELECT PASSWORD('insert-your-password-here') FROM test
        (I don't remember if the FROM section is needed here) This will show you what is the encrypted form of the password you're trying to use. There should be no need for brackets here, but if you're paranoid add them. If the password is not equal to the one above, you've found the bug - probably you made a typo when inserting the password. Just reset it in the database (using an UPDATE command) and you're done.

        Enough guessing for the moment :)

        Flavio
        perl -ple'$_=reverse' <<<ti.xittelop@oivalf

        Don't fool yourself.
Re: input compare
by neniro (Priest) on Jul 11, 2005 at 07:15 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://473849]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (7)
As of 2024-03-29 00:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found