Mysql Appears To Have Changed The 'password' Function Hashing
I've been using Mysql for about 6 months but in fairly basic fashion. For a cms I have built, I have a users table, with userName and password fields. An admin can create new users, and the password is hashed using the PASSWORD() function.
SQL: "INSERT INTO users VALUES ('', '$userName', PASSWORD('$userPwd'))
Straight out of the book basically. Now the problem is that all this has been functioning fine on a couple of sites on external servers, plus a couple of local machines.
Until today, on my main dev machine - yesterday a user could log in, today they couldn't. As far as I can tell, nothing has changed. But when I look at the hashes in the database table, they are 41 chrs, and when I add a new user, the hash is 16 characters.
I know that at some stage the hash length was increased between mysql versions, but I have not updated the install (I run XAMPP for Windows 1.4.14, which appears to install php 5.0.4 and mysql 4.1.12)
Is there any other reason that the hash length could change to 16? I'd like to know why this happened so that I'm prepared if it happens on the server (where it is not so easy to hack in and add new users that can log in again)
View Complete Forum Thread with Replies
Related Forum Messages:
Password Hashing.
My Distribution is Fedora Core 3. I have MySQL installed on my Linux webserver and I can't get the new Passwords to work The packages I installed for MySQL are: MySQL-server 4.1.12-1, MySQL-client 4.1.12-1, MySQL-shared-compat 4.1.11-0, MySQL-Max 4.1.12-1 MySQL-devel 4.1.12-1 I have runned the script MYSQL_FIX_PRIVILEGES_TABLES.
View Replies !
Password Hashing
I have a cgi script written in c++ that interacts with a mysql database. My question is this: How can I, from the administrator html page, use sha1 to hash passwords as I add new users to the website? I'll be creating their usernames and passwords myself and was wondering if I could use a function such as sha1 (or something else?) to hash the password and then store it into the database.
View Replies !
Changed Root Password, Now I Can't Do Anything
I am following the MySQL by Michael Kofler and looking at securing root access as currently it has no password. I've logged into the MySQL consol and changed password using : mysqladmin -u root -h localhost password XXX However, i now can't do anything in in mysql terminal it comes back "access denied for user 'root'@'localhost' (using password :NO)
View Replies !
Warning: Mysql_connect() [function.mysql-connect]: Access Denied For User 'debscrof'@'localhost' (using Password: NO)
Have MySQL on a VPS running CPanel MySQL v4.1.22-standard Can access MySql fine through CPanel, phpMyAdmin etc all work fine, creating databases, deleting databases, adding users etc However, when I try to use MySql from a website, it fails I created a user "test1" (which then got the username "debscrof_test1" from CPanel), a password for the user "test2", and then added the user to a new database "testdb" with all priviliges Then a simple script to connect to the database (as I am trying to locate the source of the errors), as per below: <?php $dbhost = "localhost"; $dbuser = "debscrof_test1"; $dbpass = "test2"; $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); $dbname = 'debscrof_testdb'; mysql_select_db($dbname); ?> Have tried with " and ' around the values, with 127.0.0.1 as the host... still with the same error message: Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'debscrof'@'localhost' (using password: NO) in /home/debscrof/public_html/testdb.php on line 6 Error connecting to mysql ...any suggestions why I cannot connect? (and why it says password: NO)!
View Replies !
Password() Function
I've created a simple table called users. This table contains four columns. First_Name, Last_Name, User_Name, Password. I've used the password() function when inserting a user. I have read the documentation on using other types of encryption, but it's killing me that I can't get this to work. Robert has a User_Name of "Bob" and a password of password('tomato'). =============================== HOW I ADDED BOB insert into users values("Robert","Evans","bob",password('tomato')); 1 row added yada yada HOW I QUERY BOB select * from users where User_Name="bob" and password=password('tomato'); Empty Set =============================== That exact same query is in a tutorial for a simple PHP login form, but an empty set is returned even in the command prompt using MySQL by itself, therefore the script cannot move on.
View Replies !
PASSWORD() Function :: Not Matching Passwords
I'm writing a login.php script for my web site and am encountering some problems matching the password of the user logging in. Here's some of my code where I believe the problem to be: $query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')"; echo($query); $result = mysql_query ($query); $row = mysql_fetch_array ($result, MYSQL_NUM); if ($row) { // Start the session, register the values & redirect. session_start(); $_SESSION['first_name'] = $row[1]; $_SESSION['user_id'] = $row[0]; header ("Location: [url]http://"[/url]; . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php"); exit(); } else { $message = '<p>The username and password entered do not match those on file.</p>'; } mysql_close(); } else { $message .= '<p>Please try again.</p>'; } } I keep getting my error message "The username and password entered do not match those on file" listed above in the conditional. The server doing my hosting is running MySQL 4.1.14 - standard. The test login script that is getting passed prints out as follows: SELECT user_id, first_name FROM users WHERE username='test' AND password=PASSWORD('test1') Am I doing something wrong with the PASSWORD() function?
View Replies !
Md5 Hashing
I was reading through book on using password function for user input and did some research and many here say it is not good to use. Anyways, I got the MD5 function working for my encryption method and am wondering if it is a good choice? The site I am using it for is very small scale and will only have a couple users and the data that is accessed once hash is matched is not sensitive but am curious if it would still be an acceptable method if I had data that was very sensitve?
View Replies !
Float(m,n) Changed Between Mysql 4.0 And 5.0?
I have a float(11,10) field (default NULL) in one of my MyISAM tables. With MySQL 4.0.16, I can call an Update/Insert query with a value of , say 33.166668 to this field, and it updates correctly. When I retrieve that value again with a select statement, I get something like 33.1666668392 (10 digits after decimal). Which is correct. (The sql_mode server variable is set to 0) With the same field in MySQL 5.0, my experience is different. With the server sql_mode set to one of the strict values( SQL_TRANS_STRICT), i get an error about out of range value for the float field. when I change the sql_mode to not have the SQL_TRANS_STRICT, I get the same error as a warning, 1264 "Out of range...". When I retrieve this value, it is set to 10.0000000000, which is wrong. But , when I change the field description to float(11,5) and do an update, the value is updated right, but I get an intermittent "No rows updated" error. Could anybody please explain if the float definitions changed between versions? Does float(m,n) now mean that I can have only (m-n) digits before decimal point?
View Replies !
Changed Datadir Now Mysql Won't Run
I changed the datadir using mysql administrator (so I could "see it") (I'm using version 5.0.x under OS X 10.4.5 and now mysql won't run and I don't know how to reset the datadir. I've reinstalled mysql and when I try to run it this is what I get: iBook-G4:/usr/local/mysql michael$ sudo ./bin/mysqld_safe & [16] 12878 iBook-G4:/usr/local/mysql michael$ Starting mysqld daemon with databases from /Users/michael/Sites STOPPING server from pid file /Users/michael/Sites/iBook-G4.pid 060329 12:38:24 mysqld ended
View Replies !
Group By Question - Information That Appears In 2 Different Rows?
I'm having some problems with a quite complex query with many joins. The problem concerns the group by clause, as i'd like 2 bits of information that appears in 2 different rows. e.g id foreign_id name source_id ================================================= 1 2 Davidson 23 2 2 Davidson 20 3 5 Jones 9 4 6 Smith 20 Basically, i'd like to group this resultset by foreign id, but then order it by source_id = 20, source_id = 23. However, if i join it, i only get the one source id? There doesnt seem to be any aggregate functions to do this? The only way i have thought if is very messy, but that is to use the GROUP_CONCAT() function like so: select *, GROUP_CONCAT(sources.source_id ORDER BY source_id = 20 DESC SEPARATOR ' ') as orderByThis ...... ORDER BY sources.source_id = 23, orderByThis DESC
View Replies !
Referential Integrity Violation Appears As Missing Table
Getting a rather strange problem: when I try to delete a table that's referenced by another, the error message is very misleading. This is 4.0 on Windows, running the mysql client logged in as "root". mysql> show tables from test; +-----------------+ | Tables_in_test | +-----------------+ | testinvoice | | testinvoiceline | +-----------------+ 2 rows in set (0.00 sec) mysql> drop table test.testinvoice; ERROR 1051: Unknown table 'testinvoice' mysql> drop table test.testinvoiceline; Query OK, 0 rows affected (0.04 sec) mysql> drop table test.testinvoice; Query OK, 0 rows affected (0.04 sec) I can drop the "testinvoice" table as soon as the referring "testinvoicelines" is removed, but until then MySQL wants to pretend there's no such table.
View Replies !
Mysql Password() & Unix Crypt Password...
I am creating a user administration system where system administrator can activate services for a user, like webspace, a mail account or a subdomain. I now want to create a function that creates mysql databases and grant the right privileges to a user. But the problem is that mysql wants to have the plaintext password for the user in the "grant ... identified by 'pwd'" field, or in a manual query to update the password in the mysql.user table with PASSWORD('pwd'). I have another database which holds the passwords for the users, these password are stored the moment a user signs up and are used to activate services, for example ssh access to the machine. The stored passwords are encrypted using crypt(). So for adding a ssh service to a user, I simply do echo "$user:$pwdhash" | chpasswd -e. I have chosen crypt because some programs (like proftpd) don't take md5 sums. The problems is that I don't have the plaintext password. So I cannot add a mysql db. So I need to create a user in mysql with a crypt password. I tried to just "grant all privileges ... identified by 'nothing'" and then afterwards update the mysql.user table and putt the crypt password in there but it doesn't work like that. Does anyone have any idea on how I could fix this, how can I create a user in mysql without having his plaintext password and only having a crypt hash of it. I thought about not only storing a crypt hash, but also an md5 hash and a mysql PASSWORD() hash.. but I think that's an ugly solution.
View Replies !
Changed Characters
While using mysqldump to backup the databases on my server i noticed that all the the portuguese accented characters from my databases get screwed up and changed to wierd characters. What's up?
View Replies !
Changed User Privileges And Now I Can't Log In
I read several web sites and O'Reilly's book on MySQL about securing the system tables. I removed several users and, as advised inthe book and web sites, changed the user "root" to another name with another password. I removed the site name as a host but kept the IP address. Now when I use phpMySdmin to get back in, it let's me past the login popup BUT it gives me the message: Error MySQL said: Access denied for user: 'root@localhost' (Using password: YES) The data in the database is not important but the database structure/definition is. I'd like to find a way to back up or dump that. Then I can reload MySQL and start over.
View Replies !
Get The Latest Changed Records
I hava a table with the following information CREATE TABLE TEMP1 (REFID INT, REVISION INT, FIELDNAM VARCHAR(10), VALUE VARCHAR(10)); INSERT INTO TEMP1 VALUES(1001, 0, A, A2); INSERT INTO TEMP1 VALUES(1001, 0, C, C2); INSERT INTO TEMP1 VALUES(1001, 0, E, E2); INSERT INTO TEMP1 VALUES(1002, 0, A, A3); INSERT INTO TEMP1 VALUES(1002, 0, B, B2); INSERT INTO TEMP1 VALUES(1002, 0, E, E3); INSERT INTO TEMP1 VALUES(1001, 1, A, A4); INSERT INTO TEMP1 VALUES(1001, 1, E, E4); Here based on latest revision and refid I should get the fieldnam and value. Expected output: REFID FIELDNAM VALUE REVISION 1001 A A4 1 1001 E E4 1 1002 B B2 0 1001 C C2 0
View Replies !
User Information Changed
The other day someone changed every user's password on my site. Then they changed every user's email address to theirs - I assume the reason was that when the user used the password reset function, they would never see the information. I'm trying to research what/where the vulnerability is in the script that I'm suing, but I don't really know where to start - not being a hacker, I don't even know the terms to search for here or on google. Is this what is meant by mysql injection?
View Replies !
Rows Changed In Update SQL
Is there a way to find out how many rows got updated when i execute a update stmt. I would like to get the updated rows count in SQL. Let me know and Thanks in advance. update stmt where clause; now how can i get the count of rows that got updated.
View Replies !
How To Find Out Which Table Is Changed?
I dont have source code of my web application I installed. Its using mysql 5. when I create a new user account, I know "users" tables is changed, but there's also a couple other tables are modified. Is there a way I can find out which table is changed?
View Replies !
History Of Changed Percents
I have a table with data like that: percent date 50% 2007-05-01 30% 2007-05-02 30% 2007-05-03 50% 2007-05-04 50% 2007-05-05 20% 2007-05-06 20% 2007-05-07 50% 2007-05-08 70% 2007-05-09 70% 2007-05-10 The query has to return this rows: 50% 2007-05-01 30% 2007-05-02 50% 2007-05-04 20% 2007-05-06 50% 2007-05-08 70% 2007-05-09
View Replies !
All Swedish Characters Is Changed
I'm doing Kevin Yanks tutorial about how to manage users with session (with some small modifications). But when the data is inserted into the table all Swedish characters is changed to some strange "¥" and "¶". Why is it so and how to fix it? According to PHPAdmin the collation is either UTF-8 (db) or Latin1_swedish (table)?
View Replies !
Finding All Entries In Table 1 That Appears In Table 2
I have a table called offers, this is a list of holiday offers, each with a destination name. I have another table called alternatives. This is a list of alternative spellings for each destination. Each alternative is linked to a country table. A user selects a country and this numeric is used to filter results. The idea is to find all the alternative spellings for each destination to commit a query upon....
View Replies !
Date And Time Stamp A Changed Row
I am about to declare a table with 20 columns. How do I create 4 more columns: 1. current Time 2. current Day of the month 3. current Month 4. current Year Such that: a. These 4 columns are not editable by the user. b. Whenever a row is updated/inserted/replace/etc. then these 4 columns in that row are automatically updated by the system accordingly.
View Replies !
Datetime Field Changed After ALTER
To archive when a row is added, I have a column called date_added which uses the data type DATETIME. I recently added a new column to my table "ALTER TABLE mytable ADD COLUMN mycolumn INT", and my stored dates have all been changed. In hindsight, was this to be expected? I am using PHP to both push data into MySQL and pull data from MySQL. To prevent such future blunders, is it good practice to store dates as CHAR data type, and actively store the date using PHP?
View Replies !
Phone Numbers Changed On Import
I have imported a cvs data file every way I can think of and I always get this weird problem. About 75% of my 4,000 files end up with the phone number 2147483647. I searched the cvs file and this number does not exist there. Is there an explaination for this?
View Replies !
Replication :: Master Log File Position Changed
I have a simple master/slave replication environment that is working smoothly with one exception. If I restart the master server the Master Log File is incremented by one (e.g. the original master log is named data-bin.000001 and the new master log is named data-bin.000002) the slave server never notices that the Master Log File and the Master Log Position have changed. Instead, the slave sits there waiting for new entries in the old Master Log File. I can tell this by executing a SHOW SLAVE STATUS on the slave server. I am not sure about this because I can't find any documentation on the proper behavior of mysql during this scenario, however, I am under the impression that slave server should be able to figure this out and continue replicating, without requiring me to execute an "CHANGE MASTER..." command on the slave server every time the master is restarted. Of course, I assume this same problem will occur when the Master Log File grows to its maximum size and a new Master Log File is created. If anybody who has experience with mysql replication could just confirm that the behavior I am seeing is not correct, that would be great. Or if anybody has any suggestions as to what, if anything, is wrong with my setup. Code:
View Replies !
Row Cannot Be Located For Updating. Some Values Might Have Changed Since It Was Last Updated
I've recently migrated from access to mysql with vb6). Unfortunately, i get the following error whenever the .update is executed on the recordset. "Row Cannot be located for updating. Some values might have changed since it was last updated" The select statement is: Select * from tablename, connection,3,3 (have also modified the 3,3, to be adOpenDynamic, adLockOptimistic) I have tried checking the flag To Return Matching Rows, I've added the option = 2 in the connection string, i have a primary key field in the table, and I've also tried re-assigning it to itself.
View Replies !
String Error - Quotes Changed To Question Marks
I recently converted an asp/access site to an asp/mysql site. Now all my strings are displaying funky. For example if I have the text - Why don't we say "Yipee" - it displays on my site as - Why don?t we say ?Yipee?. The same change is being made when I use a sentence with "..." in it. I like ... baseball is changed to - I like?baseball. Any thoughts as to why this is happening? Sometimes it is actually being changed somehow in the database, and sometimes it is correct in the database, but then changed when it displays on the web.
View Replies !
IF Function,GROUP BY,aggregate Function Problems
Yep, I have all those problems in the title. So I'll explain each one at a time - I did have another thread relating to this very same query but I thought it was time to update where I am with the query because at the moment I feel like I am getting nowhere! The query I have basically searches through an items_ordered table through each product and checks to see whether the item is VATable or not. This is not where I have the problem though. Where I am really having the first problem is when I am trying to use the IF function to check if the TOTAL of an order is over £300. IF it is then I multiply it my 0.95 (i.e. 5% off). With the query below I get no errors but neither do I get the desired result. It's as though it couldn't even see it. =....
View Replies !
Random Password Vs. User Created Password For Site Login
Are there any security issues or other concerns that make one preferable? The client is pushing for user created passwords. I'm mapping out the basic functionality and front-end for a MySQL/PHP back-end that will be completed by a third party. I'm a novice to MySQL but familiar with PHP and their interaction. Mainly looking for anything to support one method over the other.
View Replies !
Function In MYSQL
I am using MYSQL 5.0.22. My database name is 'normal'. It could contain 2 tables, such as Itemgroup & Itemlist. I tried with the FUNCTION query for Concatination purpose. Funtion name is Serial, The Query is, CREATE FUNCTION Serial (s CHAR(10)) RETURNS CHAR(25) RETURN CONCAT('SALES',s,'IND'); It would say the error as followes, ERROR 1044 (42000): Access denied for user 'root'@'%' to database 'normal' Is the Query right or wrong? or How will I used (or) handiled the FUNCTION option? If any one knows, please guid me
View Replies !
Mysql 4 Function From A Mysql 5 Function
I found this function on the mysql website : CREATE FUNCTION substrCount(x TEXT, delim varchar(100)) RETURNS int RETURN (length(x) - length(REPLACE(x, delim, ''))) / length(delim); That works perfectly with mysql 5. But when I try to import this to mysql 4, I have an error : suse-server:/partages # mysql mybase <function-add.sql> output.tab ERROR 1064 (42000) at line 1: You have an error IN your SQL syntax; CHECK the manual that corresponds TO your MySQL server version FOR the RIGHT syntax TO USE near '(x TEXT, delim varchar(100)) returns int return (length(x)-length(REPLACE(x, del' at line 1
View Replies !
NOW() Function MySql
We are developing a tool here that uses a php script to insert data into a MySQL 5.0.41 database running with the INNODB engine. While tracking a bug we noticed a strange effect. Each insert query contains a call to the NOW() function to store the create data of the record into a field automatically. Therefore we can expect in my opinion that the timestamps of the records are increasing simultaniously with the autoincrement key of the table. This actually is not the case. On the contrary the timestamps are jumping up and down with large differences. For example we have the record with ID1 that got the timestamp 14 minutes 2 seconds where ID2 got 15 minutes 15 seconds and ID3 14 minutes 9 seconds. How could this be? Does it mean that the server does not execute the statements in the order he receives them? Is it possible that it took more than a minute to execute a simple insert statement?
View Replies !
MYSQL Function For 'or'?
In the context of a where statement, what is the correct way to say 'or' as in the following: SELECT * FROM table WHERE field1 [or] field 2 LIKE "%$query%" This is for a basic search feature where people are tending to misspell words, I'd like to add a search words column that will also be searched.
View Replies !
I Can Connect With Db Password Or Blank Password
I have a password setup for root (% and localhost) in Mysql 5.0.26, I can connect ok no problem. I can also connect with blank password! I know it is checking the password cuz it fails if it's wrong. I'm sure I have only one account as well (tried to delete, recreate, etc... no change) select * from user where user='root'; | localhost | root | *F3AD8B3C44772C17F66767F29D948D9C255BD824 | Y ... | % | root | *F3AD8B3C44772C17F66767F29D948D9C255BD824 | Y ... Is there an option to accept blank password!? I have this problem only for root user; Other accounts are fine.
View Replies !
Is There Trigger Function In MySQL ?
It seems to me that there is no trigger function in MySQL but I am = not sure. Recently, I have a project which need the trigger function when MySQL = database server receive a alert information and wake up some procedure. = Is there any other method to do the same functionality of trigger as in = ORACLE databse ?
View Replies !
|
TRACKER
