Обсуждение: Authenticating user
Hi all ! I am coding an application where I need to identify an user with username and password. His credentials are checked against the corresponding postgresql database user. I have been reading a good tutorial at devshed.com about how to do this but it is done in mysql in the example. The author claims that the best way to check if the user is valid is by sending this query: $query = "SELECT id from user WHERE username = '$user' AND password = PASSWORD('$pass')"; This way I could see if the user is valid by counting the results returned by the query without returning the credentials info. I kind of need a PASSWORD function for postgresql. Does it exist? I have been searching the docs but couldn't find it. I have tried: $query="SELECT usename from pg_user WHERE usename ='$user' AND password='$pass'; but it won't work. The only way it works is by doing this query: $query="SELECT usename from pg_shadow WHERE usename ='$user' AND password='$pass'; as the postgres user but I feel that I shouldn't be using the superuser or the security could be in risk. I would appreciate any comments, thank you. Adrian Tineo
Adrian, > Yes, that's what I did in the end. Thank you. > I didn't want that solution at first because I wanted to separate the > error for bad credentials from the error for db server not running. I > managed to do that by "output buffering" the error message and > analysing the string. FYI, we're using pam_auth together with a remote NFS authentication server to validate the users of our latest intranet project. It works flawlessly. -Josh Berkus