Username correct, password incorrect?

Posted by jonnnnnnnnnie on Stack Overflow
Published on 2010-12-25T15:57:12Z Indexed on 2010/12/26 5:54 UTC

In a login system, how can you tell if the user has entered the password incorrectly? Do you perform two SQL queries, one to find the username, and then one to find the username and matching (salted+hashed etc) password? I'm asking this because if the user entered the password incorrectly, I want to update the failed_login_attempts column I have.

If you perform two queries wouldn't that increase overhead?

If you did a query like this, how would you tell if the password entered was correct or not, or whether the username doesn't exist:

    SELECT * FROM author
    WHERE username = '$username'
    AND password = '$password'
    LIMIT 1

( ^ NB: I'm keeping it simple, will use hash and salt, and will sanitize input in real one.)

Something like this:

    $user = perform_Query(); // get username and password?

    if ($user['username'] == $username && $user['password'] == $password)
    {
        return $user;
    }
    elseif ($user['username'] == $username && $user['password'] !== $password)
    {   // here the password doesn't match
        // update failed_login_attempts += 1
    }
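Added example, not part of the original post: a single query keyed on the username alone fetches the stored hash, the password is verified in PHP, and a second statement runs only to update the counter. The `author` table and `failed_login_attempts` column follow the question; `attempt_login()`, the return strings and the in-memory SQLite data are assumptions made for illustration.

```php
<?php
// Added example; attempt_login() is a hypothetical helper, not code from the post.
function attempt_login(PDO $db, string $username, string $password): string
{
    static $dummy = null;
    // Throwaway hash, verified when the username is unknown so both
    // failure paths do comparable work.
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);

    // One SELECT, by username only; the password never enters the SQL.
    $stmt = $db->prepare(
        'SELECT id, password FROM author WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false) {
        password_verify($password, $dummy);
        return 'no_such_user';          // no row: nothing to increment
    }
    if (password_verify($password, $user['password'])) {
        $db->prepare('UPDATE author SET failed_login_attempts = 0 WHERE id = :id')
           ->execute([':id' => $user['id']]);
        return 'ok';
    }
    // Username exists, password wrong: increment inside SQL so that
    // concurrent failed attempts are not lost.
    $db->prepare('UPDATE author
                  SET failed_login_attempts = failed_login_attempts + 1
                  WHERE id = :id')
       ->execute([':id' => $user['id']]);
    return 'bad_password';
}

// Constructed demo data (in-memory SQLite, requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE author (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
    failed_login_attempts INTEGER NOT NULL DEFAULT 0)');
$db->prepare('INSERT INTO author (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

foreach ([['alice', 'wrong'], ['bob', 'x'], ['alice', 'correct horse']] as $try) {
    echo $try[0], ': ', attempt_login($db, $try[0], $try[1]), PHP_EOL;
}
```

The three outcomes are kept apart for server-side bookkeeping only; the login form should show the same failure message for `no_such_user` and `bad_password` so it does not reveal which usernames exist.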

© Stack Overflow or respective owner
