Php programming help

software development

#1

Quick backstory:

  1. person who wrote PHP code and set up mySQL database is out of country and not available.
  2. I am backup person, but do not understand PHP, I’m in northern Canada and unable to talk to the few people I know who could help me or look in my reference books and won’t be back in the states for another 8 weeks.
  3. Unable to login to admin page of a website due to changes in mySQL.

I contacted Dreamhost support help and they were able to point out the problem:
“You used (PASSWORD() function in your SQL call, which is a volatile function
and subject to change at the MySQL team’s whim.
Unfortunately, this function changed recently with the previously announced upgrade to MySQL 5.1, and as such, all of your stored passwords are effectively un-usable as the PASSWORD() function no longer returns the correct values.
In order to fix this up, you’ll want to remove all references to the PASSWORD() function and replace them with something better, as described above.”

OK, I know that I have to go into phpMyAdmin go to the admin list and
select the admin, use the drop down box to select MD5 instead of PASSWORD. I also know I need to change the PHP code, but here’s where I go stupid. Since what I know about PHP would fill a grain of salt (maybe), I am not sure what to change!
Here’s bits of code that has “password” in it:

// initialize some stuff we will need sooner or later
$username = “”;
$fullname = “”;
$password = “”;
$newpassword = “”;
$active = “”;

and
$username = $_REQUEST[“username”];
$email = $_REQUEST[“email”];
$fullname = mysql_escape_string($_REQUEST[“fullname”]);
if($_REQUEST[“password”])
$password = “password(’” . $_REQUEST[“password”] . “’)”;

and
{
$queryString = “insert into admins(adminid, username, password, fullname,”;
$queryString .= “active, dbadmin, admins, members, email, emailing, mailing,”;
$queryString .= “events, routes, types, news, polls, officers, welcome,links, ads,”;
$queryString .= " newpassword,createdby, createdon,updatedby, updatedon) values (";
$queryString .= “null,’$username’, $password,’$fullname’,”;

and finally
{
$queryString = "update admins set ";
$queryString .= “username = ‘$username’,”;
if($password)
$queryString .= “password = $password,”;
$queryString .= “fullname = ‘$fullname’,”;

Thanking you in advance… Any help would be appreciated.


#2
Change this to:
[code]$password = "MD5('" . $_REQUEST["password"] . "')";[/code]

Change this to:


#3

Thank you!

That was a simple fix but I didn’t want to muck around in the code and blow things up…

Again, Thank you very much for the quick response.


#4

how can you change it midway? I dont know much about your application but say I had a password:123456. and u were previously using Password(123456) in your query to log me in… Now if you change password to md5(123456) it shouldnt work should it? as the encryption of password() and md5() are different?

I hope you understand what I m trying to say!


#5

Yes, the encryption is different. So, after selecting the MD5 option in the mySQL database, I reset all passwords to a new password.

Worked fine…