To my knowledge it isn't possible to "decrypt" the PASSWORD function in
MySQL (you need to use MySQL ENCRYPT/DECRYPT for that). However, it's
possible to use PASSWORD on the user-provided string too. You could try
the following code:
$query="SELECT * FROM users where username='$PHP_AUTH_USER' AND
passwd=PASSWORD('$PHP_AUTH_PW');
$result = mysql_query($query)
or die("Couldn't execute query!");
if (mysql_num_rows($result) > 0) {
// user exists
}
else {
// user don't exist
}
Kindly
/lasso ([EMAIL PROTECTED])
Liam Mackenzie wrote:
> Hi all,
> I do this:
>
>
> dbconnect();
> $query="SELECT * FROM users where username='$PHP_AUTH_USER'";
> $result=mysql_query($query);
> $list=mysql_fetch_array($result);
> if ($PHP_AUTH_PW !== $list[passwd] || "" == $PHP_AUTH_PW || "all" !=
> $list[domain]){
> Header("WWW-authenticate: basic realm=\"EMM\"");
> Header( "HTTP/1.0 401 Unauthorized");
> unauthorized();
> exit;
> }
> }
>
>
>
>
> Noe this bit:
> if ($PHP_AUTH_PW !== $list[passwd]
>
> My problem is that the password stored in MySQL was done with password(), so
> it comes out similar to this as plain text:
>
> 072g307j9236a82h3u
>
>
> How do I Un password() it?
>
> I have RTFM but to no avail.
>
> If you tell me to RTFM again, at least tell me what to search for ;-)
>
> Cheers,
> Liam
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
