Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

input compare

by anniyan (Monk)
on Jul 11, 2005 at 06:54 UTC ( #473849=perlquestion: print w/replies, xml ) Need Help??
anniyan has asked for the wisdom of the Perl Monks concerning the following question:

Monks, i have some problem in the following program.

I have databse named login and table test. I have two columns namely user and passwd(encrypted password using PASSWORD()).

What i want is to compare the password given by the user with the database. When i get the user name and password from the user through the form, i am not able to match the password using PASSWORD() function with the password in the database. This is the coding i tried. I am not able to fetch the data from the database if i used PASSWORD(), but if i removed the function, it is working properly.

The same coding is working in another system with PASSWORD(), am i missing something?

#!C:\perl\bin\perl #use strict; use CGI; use DBI; ############### cgi header part ############# $q = new CGI; print $q->header("text/html"); print $q->start_html(-title=>"details" -bgcolor =>"#FFEAA9"); ################ database handling ######### my $dbh = DBI->connect("DBI:mysql:login", {PrintError =>0, RaiseError +=>0}) ; #automatic error checking ##DBI->trace(2); # my $nam = $q->param('name'); my $pas = $q->param('pass'); my $data = qq(select * FROM test WHERE user='anniyan' and passwd = PAS +SWORD (?)); #print "$nam\t$pas\n"; my $sth = $dbh->prepare($data); $sth->execute($pas); while ((@ar) = $sth->fetchrow_array()) { print "@ar\n"; }


Replies are listed 'Best First'.
Re: input compare
by polettix (Vicar) on Jul 11, 2005 at 07:51 UTC
    This probably has nothing to do with the real problem, but I noticed that you completely ignore the $nam variable, which could possibly contain the user name.
    I am not able to fetch the data from the database if i used PASSWORD(), but if i removed the function, it is working properly.
    Are you sure that your passwords are not stored in clear?!?

    perl -ple'$_=reverse' <<<ti.xittelop@oivalf

    Don't fool yourself.

      frodo72, just now i tested in mysql prompt by executing the select statement,it is not working in my system. But in my friend's system when i executed the same select command, it is working properly. He is also having the same version. I am spending last 4 hours to get rid off this problem, but i can't.


        How I would proceed:
        SELECT CONCAT('[', passwd, ']') FROM test WHERE user='anniyan'
        This will show the password currently registered for user 'anniyan'. Note that I enclose the password field contents inside square brackets, just to see if there is any annoying char somewhere. If there is no such user, you've found the bug. Then:
        SELECT PASSWORD('insert-your-password-here') FROM test
        (I don't remember if the FROM section is needed here) This will show you what is the encrypted form of the password you're trying to use. There should be no need for brackets here, but if you're paranoid add them. If the password is not equal to the one above, you've found the bug - probably you made a typo when inserting the password. Just reset it in the database (using an UPDATE command) and you're done.

        Enough guessing for the moment :)

        perl -ple'$_=reverse' <<<ti.xittelop@oivalf

        Don't fool yourself.
Re: input compare
by neniro (Priest) on Jul 11, 2005 at 07:15 UTC

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://473849]
Approved by Corion
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (7)
As of 2016-10-25 22:16 GMT
Find Nodes?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?

    Results (330 votes). Check out past polls.