By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,705 Members | 1,451 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,705 IT Pros & Developers. It's quick & easy.

Having problems with my php login script

P: n/a
Me
I made a login script which retrieves username and password from a database,
I can get it to work if the passwords in the database are not encrypted and
if I dont encrypt the password when it is entered, but if I encrypt the
password that has been entered and try to match with the encrypted one in
the database then it does not work, can anyone help me please, I have
included both the sources here.

Source with password not encrypted:

<?php
session_start();
require('db_connect.php');

$username = $_POST['username'];
$oldpass = $_POST['password'];

if(!$username) {
include 'login_nothing.php';
exit();
}

if(!$password) {
include 'login_nothing.php';
exit();
}
mysql_select_db('poweredge', $link);
$sql_query = mysql_query("SELECT * FROM users WHERE username = '$username'
AND password = '$oldpass'");

if(!$sql_query) {
echo "Fatal error";
exit();
}

$login_check = mysql_num_rows($sql_query);

echo "$login_check";

if($login_check == 0) {
include 'login_error.php';
exit();
}

if($login_check == 1) {

session_register('username');
session_register('password');
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

header("Location: memberspage.php");
}
?>

Source with password encrypted:

<?php
session_start();
require('db_connect.php');

$username = $_POST['username'];
$oldpass = $_POST['password'];

if(!$username) {
include 'login_nothing.php';
exit();
}

if(!$password) {
include 'login_nothing.php';
exit();
}

$password = md5($oldpass);

mysql_select_db('poweredge', $link);
$sql_query = mysql_query("SELECT * FROM users WHERE username = '$username'
AND password = '$password'");

if(!$sql_query) {
echo "Fatal error";
exit();
}

$login_check = mysql_num_rows($sql_query);

echo "$login_check";

if($login_check == 0) {
include 'login_error.php';
exit();
}

if($login_check == 1) {

session_register('username');
session_register('password');
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

header("Location: memberspage.php");
}
?>
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Me wrote:
I made a login script which retrieves username and password from a
database, I can get it to work if the passwords in the database are not
encrypted and if I dont encrypt the password when it is entered, but if I
encrypt the password that has been entered and try to match with the
encrypted one in the database then it does not work, can anyone help me
please, I have included both the sources here.

Source with password not encrypted:

<?php
session_start();
require('db_connect.php');

$username = $_POST['username'];
$oldpass = $_POST['password'];

if(!$username) {
include 'login_nothing.php';
exit();
}

if(!$password) {
include 'login_nothing.php';
exit();
}
mysql_select_db('poweredge', $link);
$sql_query = mysql_query("SELECT * FROM users WHERE username = '$username'
AND password = '$oldpass'");

if(!$sql_query) {
echo "Fatal error";
exit();
}

$login_check = mysql_num_rows($sql_query);

echo "$login_check";

if($login_check == 0) {
include 'login_error.php';
exit();
}

if($login_check == 1) {

session_register('username');
session_register('password');
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

header("Location: memberspage.php");
}
?>

Source with password encrypted:

<?php
session_start();
require('db_connect.php');

$username = $_POST['username'];
$oldpass = $_POST['password'];

if(!$username) {
include 'login_nothing.php';
exit();
}

if(!$password) {
include 'login_nothing.php';
exit();
}

$password = md5($oldpass);

mysql_select_db('poweredge', $link);
$sql_query = mysql_query("SELECT * FROM users WHERE username = '$username'
AND password = '$password'");

if(!$sql_query) {
echo "Fatal error";
exit();
}

$login_check = mysql_num_rows($sql_query);

echo "$login_check";

if($login_check == 0) {
include 'login_error.php';
exit();
}

if($login_check == 1) {

session_register('username');
session_register('password');
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

header("Location: memberspage.php");
}
?>

Saying "it does not work" doesn't really help, but I'll try anyways....when
you md5() the password that the user enters, have the passwords in the
database already been changed to md5 hashes?
Jul 17 '05 #2

P: n/a
Me wrote:
I made a login script which retrieves username and password from a
database, I can get it to work if the passwords in the database are not
encrypted and if I dont encrypt the password when it is entered, but if I
encrypt the password that has been entered and try to match with the
encrypted one in the database then it does not work, can anyone help me
please, I have included both the sources here.


The SQL when you insert a new user's password:
INSERT INTO users SET password=MD5('$password')

When you try to match passwords, where the user-entered password is in the
variable $pw:
SELECT * FROM users WHERE password=MD5('$pw')

In the same way, you can use the MySQL PASSWORD() function to encrypt
passwords.

..:Albe

--
http://www.ninja.up.ac.za
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.