hi all, A perl code that wont work.When i'm typing the username and password in an html page-- which is being validated with mysql, i'm being shown "Username or Password Incorrect!" which should not be the case. Instead i shud get a "Thank You" message. A couple of guys told me to include a code to md5 the password i'm entering in the textbox, and then match it with the encrypted password (which also has to be fetched using some particular code). Only then i'll be able to authenticate. And i dont have access to MYsql client on a terminal window. i can access it through a web interface. I can see the table structure there which shows the passwords as encrypted. My code looks as follows -- #!/usr/bin/perl use CGI; use CGI::Carp qw/fatalsToBrowser warningsToBrowser/; use DBI; my $query = new CGI; print $query->header(); warningsToBrowser(1); #print $query->start_html(-title=>'LOGIN PAGE'); $db="database"; $host="host"; $user="user"; $password=pwd; if(($query->request_method() eq "POST") && ($query->param("user") ne '') && ($query->param("password") ne '')) { $chkuser=$query->param("user"); $chkpassword=$query->param("password"); $dbh = DBI->connect("DBI:mysql:database=$db:host=$host", $user, $password) or die "Can't connect to database:$DBI::errstr\n"; $qry = $dbh->prepare("SELECT emp_name, password FROM new_user where emp_name=$chkuser"); $qry->execute; @row=$qry->fetchrow_array; $name=$row[0]; $password=$row[1]; if ($chkuser eq $name && $chkpassword eq $password) { print " Thank You! "; $dbh->disconnect; print $query->end_html(); } else { print "<HEAD> Username or Password Incorrect!</HEAD>"; print "Please Try Again"; $dbh->disconnect; print $query->end_html(); } } else { #print "Content-type: text/html\n\n"; #print <<EOF; print "<HTML>"; print "<BODY>"; print "<FORM METHOD='POST' ACTION='login_main.pl'>"; print " Username:</p>"; print "<input type='text' name='user'> "; print " Password:</p>"; print "<input type='password' name='password'> "; print "<input type='submit' value='submit'> "; print "</FORM>"; print "</BODY>"; print "</HTML>"; #EOF #print $query->end_html(); } If anyone could help me out of this one..it would be great Thank You naveen

If the passwords have been md5 hashed (not encrypted) before being placed in the records then obviously they won't match the text passwords. You can either put a note on the web page form asking the users to calculate the md5sum of their passwords and enter that in the password field ;-) or write code to compare the db entry against an md5sum of what the user enters in the password field. If you have access to a *nix system, 'man Digest::MD5'

See my post in the other thread of yours reguarding this issue.