1

I'm not exactly sure on the correct technical wording, so excuse my title, but here's the problem. I have a MySQL database, and in the user table I have *user_name*, a *password_salt*, and an md5 password containing the password then salt. In a program, users connect and I get one query to send to validate a user. When a user connects I need a way of selecting their user_name, and comparing the given password to the stored password, which requires retrieving the salt somewhere in the WHERE statement (I guess).

This is my hypothetical "example":

SELECT user_name FROM users WHERE user_name='$nick' AND password = md5(CONCAT('$md5pass', md5((select password_salt FROM users where user_name='$nick')))) LIMIT 1

Resolution Update: Got it working, thanks for the suggestions, a normal select sufficed, the problem was that the sql-auth api wasn't receiving the password unless the port was specified.

Improve this question
2
  • Why are you issuing a separate SELECT statement when you already have access to the salt in your main query? Just do WHERE password = md5(CONCAT('$md5pass', md5(password_salt))) Commented Jul 22, 2012 at 20:15
  • I was unsure as to whether salt was being received, in my original attempt, it was exactly like @kuba-wyrostek suggested, it seems that the api in use here isn't playing ball though. Commented Jul 22, 2012 at 23:44

3 Answers 3

Reset to default
1

Actually you can freely use any column from table declared in "FROM" clause not only in "SELECT" clause, but also in "WHERE" clause, so I don't see a need to subquery here. Let it be simply:

SELECT user_name FROM users WHERE user_name='$nick' AND password = md5(CONCAT('$md5pass', md5(password_salt))) LIMIT 1

This way a row is selected only if it matches both: - user name is correct - the password in row matches given password

I am not sure though if I used md5() functions correctly. I copied your example.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, this is what I had in my first attempt, it didn't work which is why I looked at sub-queries, it would seem the problem is in the api, will debug and see what it's doing.
0

SELECT user_name FROM users WHERE user_name='$nick' AND password = md5(CONCAT('$md5pass', password_salt)) LIMIT 1

Improve this answer

Comments

0

Try this instead:

SELECT user_name FROM users WHERE user_name='$nick' AND password = md5(CONCAT('$md5pass', md5(password_salt))) LIMIT 1
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.