SQL-based authentication: Difference between revisions
Content added Content deleted
Line 471: | Line 471: | ||
function authenticate_user(dbh, username, pw) |
function authenticate_user(dbh, username, pw) |
||
mysql_stmt_prepare(dbh, "SELECT pass_salt, pass_md5 FROM users WHERE username = ?;") |
mysql_stmt_prepare(dbh, "SELECT pass_salt, pass_md5 FROM users WHERE username = ?;") |
||
pass_salt, pass_md5 = mysql_execute(dbh, [MYSQL_TYPE_VARCHAR], [username], opformat=MYSQL_TUPLES)[1] |
pass_salt, pass_md5 = mysql_execute(dbh, [MYSQL_TYPE_VARCHAR], [username], opformat=MYSQL_TUPLES)[1] |
||
pass_md5 == digest("md5", pass_salt * username) |
pass_md5 == digest("md5", pass_salt * username) |
||
end |
end |
||
Line 482: | Line 481: | ||
println("""John authenticates correctly: $(authenticate_user(mydb, "John", "johnspw")==false)""") |
println("""John authenticates correctly: $(authenticate_user(mydb, "John", "johnspw")==false)""") |
||
println("""Mary does not authenticate with password of 123: $(authenticate_user(mydb, "Mary", "123")==false)""") |
println("""Mary does not authenticate with password of 123: $(authenticate_user(mydb, "Mary", "123")==false)""") |
||
mysql_disconnect(mydb) |
mysql_disconnect(mydb) |
||
</lang> |
</lang> |