www.webdeveloper.com
Results 1 to 8 of 8

Thread: [RESOLVED] php / sql password question

Hybrid View

  1. #1
    Join Date
    Feb 2010
    Location
    Grantham, UK
    Posts
    103

    resolved [RESOLVED] php / sql password question

    Hi. Am brand new to building server-side scripts and am trying to work out what I need to research next.

    I am wanting to add password access to my website with different users. I will also need a "sign up" page eventually, but that's a bit down the line.

    Have been told that SQL is best for databases, but most password access seems to be done with PHP.

    Is it a case of personal preference, or is it a combination of the two, and if so, which is the better one to study first?

    I know the answers may be "duh..." but have never looked into this before.

    Any help with be gratefully appreciated.
    Last edited by max2474; 03-11-2010 at 09:22 AM. Reason: should have read faq's.... :)

  2. #2
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    The database is for storing data and performing logic closely related to data storage. This may or may not include 1-way encrypting passwords. Typically, it's a tiny bit more secure (and flexible) to perform password encryption in PHP.

    So, in your PHP script you might have snippets like this ...

    PHP Code:
    // creating a user

    $user mysql_escape_string($_POST['user']);
    $enc_pass sha1($_POST['pass']);
    $query "insert into users set user='{$user}', pass='{$enc_pass}'";
    if (
    mysql_query($query)) {
      
    // success actions
    } else {
      
    // failure actions

    PHP Code:
    // authenticating a user

    $user mysql_escape_string($_POST['user']);
    $enc_pass sha1($_POST['pass']);
    $query "select * from users where user='{$user}' and pass='{$enc_pass}'";
    if (
    $result mysql_query($query)) {
      if (
    $row mysql_fetch_assoc($result)) {
        
    // success actions
      
    } else {
        
    // no matching user actions
      
    }
    } else {
      
    // failure actions

    ... things like, but not necessarily, that.

  3. #3
    Join Date
    Nov 2008
    Posts
    2,477
    SQL is the name of the language used to interact with a DBMS (Database Management System). The most popular DBMS to be used with PHP is MySQL, so will probably want to get that installed if you haven't already.

    User management is almost always done with a combination of PHP and a DBMS. User details are stored in a database table, and PHP authenticates the supplied login details against these user details.

    I will say as a word of warning, user management systems tend to be an area where new programmers leave (sometimes massive) security holes. Please don't do the same as most people and go into this project thinking "if I can get it so it works I'll be happy". If it's not secure, it's broken.

    If you've just started you will first want to get the PHP basics sorted. Areas you probably want to look at are (securely) interacting with a MySQL database, string hashing, sessions, maybe cookies. Once you've done that (or even before), have a read of this and take note of its info when you design your system.

  4. #4
    Join Date
    Feb 2010
    Location
    Grantham, UK
    Posts
    103
    thanks for the info. Have just installed apache (xampp) and am suddenly a little lost...lmao. will take me a bit to work out what i am doing, then i can look at getting started with php.

    Have heard/read the same about security, so I am definately keeping that in mind.

    Intrestingly, the install gave me a USB stick option...does this mean I can install on here and have a portable "server" for programming website on different computers. (I use two comps at home, and need to be able to switch from one to the other.) Am not intending to use this to host my site, just for helping me programme it.

    Again, many thanks. Just about to read the security guide.

  5. #5
    Join Date
    Mar 2010
    Posts
    97
    if your just starting out, the AppServ open project is the easiest thing to get up and running locally on a windows machine.

  6. #6
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    Are you hoping to gain experience working in an apache environment specifically? Or do you just need some web server?

    ... Windows comes with one (IIS) that works just fine.

  7. #7
    Join Date
    Aug 2010
    Location
    texas
    Posts
    1

    sql password question

    Change sql sa password by using command prompt
    Open a command prompt (Start -> Run -> cmd)
    Type the follow commands, and press Enter after each line.
    Osql –S yourservername –E
    1>EXEC sp_password NULL, ’yourpassword’, ’sa’
    2>GO
    The yourservername is the name of your server, yourpassword is the new sql sa password.
    Other ways to reset sa password.

  8. #8
    Join Date
    Apr 2013
    Posts
    1
    Change SQL Server password by Windows Authentication. If Builtin/Administrator is present in SQL Server, you can login with an ID which is member of Administrators group and change sa password in SQL Server. Just do as follows:
    1. Login into SQL server using Windows Authentication.
    2. In Object Explorer, open Security folder, open Logins folder. Right Click on sa account and go to Properties.
    3. Type a new SQL sa password, and confirm it. Click OK to finish.
    After restarting SQL Server and all its servers, you can log into SQL Server by sa login with new SQL sa password.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles