Basically I just did a query to see if the user exists with the encrypted password.
$res = $db->query("SELECT password FROM users where username='$username' and password=password('$password') "); $row = $db->fetchObject( $res ); $newPass = $row->{'password'};
if we get something back we authed, otherwise we didnt.
Good luck!
Thanks
Darren
On Thu, Aug 27, 2009 at 7:46 AM, PlatonidesPlatonides@gmail.com wrote:
Happy-melon wrote:
"Darren Kemp" darrenkemp@gmail.com wrote in message news:1d83a8940908261052h7feedb1fi5d841db6f99a39a7@mail.gmail.com...
I have solved this issue. Thanks to those who read and offered advice.
Using the method Michael Daly suggested? I know for a fact that I'm going to have to do this on a new project of mine in the next few weeks, it would be nice to have an idea of how to proceed.
--HM
I wouldn't perform an extra query just to encode the password.
MysqlAuthPlugin::authenticate($username, $password) { /**connect to mysql table */ mysql_query("SELECT host FROM user WHERE user='$username' AND password=PASSWORD('$password')"); //Need to be mysql_escaped for any real use
/* Iterate checking that at least one host matches the user one Or simply check that some row was returned, in which case you can add a LIMIT 1. */ }
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l