password() not working

karthikanov24 · #1 (**permalink**) 10-12-09, 06:13 AM

hi
the PASSWORD( ) used in the following code, is used to take the newly added password from user to database

Code:

function addUser()
{
    $userName = $_POST['txtUserName'];
	$password = $_POST['txtPassword'];
		
	// check if the username is taken
	$sql = "SELECT user_name
	        FROM tbl_user
			WHERE user_name = '$userName'";
	$result = dbQuery($sql);
	
	if (dbNumRows($result) == 1) {
		header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one'));	
	} else {			
		$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
		          VALUES ('$userName',PASSWORD('$password'), NOW())";
	
		dbQuery($sql);
		header('Location: index.php');	
	}
}

But here in the admin login code as follow,the PASSWORD( ) is not working. If a call is made to this funtion it shows error as:UNDEFINED FUNCTION PASSWORD( )

Code:

function doLogin()
{
	
	$userName = $_POST['txtUserName'];
	$password=PASSWORD($_POST['txtPassword']);
        
	
	// first, make sure the username & password are not empty
	if ($userName == '') {
		$errorMessage = 'You must enter your username';
	} else if ($password == '') {
		$errorMessage = 'You must enter the password';
	} else {
		// check the database and see if the username and password combo do match
		$sql = "SELECT user_id
		        FROM tbl_user 
				WHERE user_name = '$userName' AND user_password = '$password'";
				
		$result = dbQuery($sql);

what is the correct codes.....?

Thanks
karthikanov24

wirehopper · #2 (**permalink**) 10-12-09, 03:35 PM

PASSWORD is a MySQL function, you can't use it as a PHP function.

In the SQL that authenticates, you can use WHERE `password`=PASSWORD('$sPassword')

karthikanov24 · #3 (**permalink**) 10-13-09, 12:04 AM

hi
when i used replaced with your said codes,still its not working....
The login is done only when we type the password which are in form of hashes present in database.....

thanks
karthikanov24