Authenticating user - Mailing list pgsql-php

From adriantineo@softhome.net
Subject Authenticating user
Date
Msg-id courier.3D9B3D46.0000179E@softhome.net
Whole thread Raw
List pgsql-php
Hi all !

I am coding an application where I need to identify an user with username
and password. His credentials are checked against the corresponding
postgresql database user. I have been reading a good tutorial at devshed.com
about how to do this but it is done in mysql in the example. The author
claims that the best way to check if the user is valid is by sending this
query:
$query = "SELECT id from user WHERE username = '$user' AND
password = PASSWORD('$pass')";
This way I could see if the user is valid by counting the results returned
by the query without returning the credentials info.

I kind of need a PASSWORD function for postgresql. Does it exist? I have
been searching the docs but couldn't find it.

I have tried:
$query="SELECT usename from pg_user WHERE usename ='$user' AND
password='$pass';
but it won't work. The only way it works is by doing this query:
$query="SELECT usename from pg_shadow WHERE usename ='$user' AND
password='$pass';
as the postgres user but I feel that I shouldn't be using the superuser or
the security could be in risk.

I would appreciate any comments, thank you.

Adrian Tineo

pgsql-php by date:

Previous
From: Andrew McMillan
Date:
Subject: Re: Connecting PostgreSQL db using Pear
Next
From: "Josh Berkus"
Date:
Subject: Re: Authenticating user