02-14-2008, 03:22 PM   #18
SOCK

Quote:
Originally Posted by StevenF View Post
PHP Code:
<?php
//Setting variables from form data
$user = $_POST['check_username'];
$pass = $_POST['check_password'];
$login = $_POST['login'];

$get = mysql_query("SELECT count(userID) FROM users WHERE user_name = '$user' AND user_pass = '$pass'");
I'm getting somewhere now: If I take out the md5 encryption, and register a username and password, I can use that to log in. But, when I try it with md5 encryption, I can't login! Do I have to decrypt it or something?
No, but you do have to compare an MD5 hashed value with another MD5 hashed value. You need to either hash the $pass value again prior to the query, or hash it within the query, e.g.
PHP Code:
// use $md5pass in your query instead of $pass
$md5pass = md5($_POST['check_password']);
-- or --
Code:
SELECT COUNT(userID)
FROM users
WHERE user_name = 'username'
AND user_pass = MD5('userpass');
Because MD5() is also a MySQL function, you can do it straight in the query. Just make sure not to hash the password in PHP and then attempt to hash it again!

Quote:
Originally Posted by StevenF View Post
PHP Code:
//Determine if there is a result
if ($result != 1)
    header ("Location: login.html");
else {
    header ("Location: index.html");
    $_SESSION['user_name'] = $user;
};
A couple of comments here on the above code.
  • That last line uses a semicolon to end the if-else block. Not sure if that's even legal. At any rate, unnecessary.
  • Don't assign session data after the call to header().
  • Try not to mix statement styles, i.e. use a single indented line after the if conditional, then use braces after the else statement. Assume you'll want to have more than one statement after the if and use braces. Be uniform in your code structure. It makes it much easier to read and troubleshoot. Once in a while I'll use syntax like that, but it's a one-liner only.
__________________
I reject your reality, and substitute my own.
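
The points made in the post above, put together as an added example (not code from the thread): the submitted password is hashed exactly once before it is compared with the stored hash, session data is set before any redirect, and both branches use braces. Assumptions: an in-memory SQLite database through PDO stands in for the thread's MySQL table, so the hashing is done in PHP; bound parameters replace the interpolated query string; the user name and password are constructed sample values. MD5 is kept only to mirror the thread; PHP's password_hash() and password_verify() are the functions intended for stored passwords.

```php
<?php
// Added example: constructed table and credentials, in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userID INTEGER PRIMARY KEY, user_name TEXT, user_pass TEXT)');

// Registration stores the MD5 hash of the password, as in the thread.
$ins = $pdo->prepare('INSERT INTO users (user_name, user_pass) VALUES (?, ?)');
$ins->execute(['steven', md5('s3cret-sample')]);

// Count rows whose stored hash equals the value passed in.
// The caller decides what that value is; this function never hashes.
function countMatches(PDO $pdo, string $user, string $passValue): int
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(userID) FROM users WHERE user_name = ? AND user_pass = ?'
    );
    $stmt->execute([$user, $passValue]);
    return (int) $stmt->fetchColumn();
}

// Hash the submitted password once, compare, and return the redirect target.
// Session data is written before the caller sends any Location header.
function login(PDO $pdo, array &$session, string $user, string $pass): string
{
    if (countMatches($pdo, $user, md5($pass)) !== 1) {
        return 'login.html';
    } else {
        $session['user_name'] = $user;
        return 'index.html';
    }
}

// The three comparisons discussed in the thread:
var_dump(countMatches($pdo, 'steven', 's3cret-sample'));           // plain text vs. stored hash
var_dump(countMatches($pdo, 'steven', md5('s3cret-sample')));      // hash vs. stored hash
var_dump(countMatches($pdo, 'steven', md5(md5('s3cret-sample')))); // hashed twice vs. stored hash

// $session stands in for $_SESSION so the script also runs from the command line.
$session = [];
$target = login($pdo, $session, 'steven', 's3cret-sample');
var_dump($target, $session);
// In a page: header('Location: ' . $target); exit;
```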