login varification from 2 tables in one form

I noticed that Message-ID:
<1e**************************@posting.google.com > from Jaunty Edward
contained the following:

I wanted to know is it posible to have one log in window and then
varify the username password from 2 different table in same DB.
that means I have one log in form and then I take info from 2
different tables to varify if the user-pass combination in any of the
table maches to the input values.
My bosss wants me to make soemthign like this, as far as I know its
not posible in PHP but still comfirming

Don't see why it's not possible. I'm not sure /why/ you'd want to do it
that way but there is no problem running multiple queries


--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Geoff Berrow wrote:

I noticed that Message-ID:
<1e**************************@posting.google.com > from Jaunty Edward
contained the following:

I wanted to know is it posible to have one log in window and then
varify the username password from 2 different table in same DB.
that means I have one log in form and then I take info from 2
different tables to varify if the user-pass combination in any of the
table maches to the input values.
My bosss wants me to make soemthign like this, as far as I know its
not posible in PHP but still comfirming

Don't see why it's not possible. I'm not sure /why/ you'd want to do it
that way but there is no problem running multiple queries

table1
id
username

table2
id
password

select a.username,b.password from table1 a, table2 b
where a.id = b.id and
a.username = '$username' and
b.password = password('$password');

If the record set is empty, there is no match and you should re-direct to the
login page.

or even a single query using a simple join. If your boss is thinking about
security, well, anyone that gets access to db would eventually figure out the
entity relationships and still get what they want.

For passwords in MySQL, you can PASSWORD() to encode them. This is a one-way
encryption. In other words you would verify that the encrypted version of the
password passed in on the form is the same as the stored password in the
database and there are no tools/methods to unscramble the password to find out
what the real password is.

--
Michael Austin.
Consultant - Available.
Donations welcomed. Http://www.firstdbasource.com/donations.html
:)

On 28 Aug 2004 04:18:45 -0700, sm***********@hotpop.com (Jaunty
Edward) wrote:

hello Friends,
I wanted to know is it posible to have one log in window and then
varify the username password from 2 different table in same DB.
that means I have one log in form and then I take info from 2
different tables to varify if the user-pass combination in any of the
table maches to the input values.
My bosss wants me to make soemthign like this, as far as I know its
not posible in PHP but still comfirming

PLease help
thanks
Jaunty

I don't know if you mean you have the usernames in one table and the
passwords in another table, (in which case you have another answer
here already), or if you want to check against two different tables
with username/password combinations.
In the latter case, it should't be any problem do check against one
table first, and if that fails, check the other.
First match logs you in.

On Sat, 28 Aug 2004 13:56:23 +0000, Michael Austin wrote:

For passwords in MySQL, you can PASSWORD() to encode them. This is a
one-way encryption. In other words you would verify that the encrypted
version of the password passed in on the form is the same as the stored
password in the database and there are no tools/methods to unscramble the
password to find out what the real password is.

Actually, according to the MySQL documentation, we should _not_ use
PASSWORD() to encrypt passwords. The implementation (and therefore the
results) may change between versions of MySQL (indeed this has already
happened). Instead Use a standard hashing function such as SHA1 or MD5.
Be sure your password field is "binary" and is long enough to hold the
result of whatever hashing function you decide on(40 or 32 bytes,
respectively).

HTH,
La'ie Techie

L�ʻie Techie wrote:

Be sure your password field is "binary" and is long enough to hold the
result of whatever hashing function you decide on(40 or 32 bytes,
respectively).

Rather, you should ensure your password field is a VARCHAR/CHAR field
with length 40 or 32. The MySQL functions SHA1 and MD5 in current
implementations return 40- and 32- character strings - the hexadecimal
representation of the binary value - rather than the raw binary value.

--
Jasper Bryant-Greene
Cabbage Promotions