Having problems with my php login script

Re: Having problems with my php login script

Me wrote:
[color=blue]
> I made a login script which retrieves username and password from a
> database, I can get it to work if the passwords in the database are not
> encrypted and if I dont encrypt the password when it is entered, but if I
> encrypt the password that has been entered and try to match with the
> encrypted one in the database then it does not work, can anyone help me
> please, I have included both the sources here.
>
> Source with password not encrypted:
>
> <?php
> session_start() ;
> require('db_con nect.php');
>
> $username = $_POST['username'];
> $oldpass = $_POST['password'];
>
> if(!$username) {
> include 'login_nothing. php';
> exit();
> }
>
> if(!$password) {
> include 'login_nothing. php';
> exit();
> }
>
>
> mysql_select_db ('poweredge', $link);
> $sql_query = mysql_query("SE LECT * FROM users WHERE username = '$username'
> AND password = '$oldpass'");
>
> if(!$sql_query) {
> echo "Fatal error";
> exit();
> }
>
> $login_check = mysql_num_rows( $sql_query);
>
> echo "$login_che ck";
>
> if($login_check == 0) {
> include 'login_error.ph p';
> exit();
> }
>
> if($login_check == 1) {
>
> session_registe r('username');
> session_registe r('password');
> $_SESSION['username'] = $username;
> $_SESSION['password'] = $password;
>
> header("Locatio n: memberspage.php ");
> }
> ?>
>
> Source with password encrypted:
>
> <?php
> session_start() ;
> require('db_con nect.php');
>
> $username = $_POST['username'];
> $oldpass = $_POST['password'];
>
> if(!$username) {
> include 'login_nothing. php';
> exit();
> }
>
> if(!$password) {
> include 'login_nothing. php';
> exit();
> }
>
> $password = md5($oldpass);
>
> mysql_select_db ('poweredge', $link);
> $sql_query = mysql_query("SE LECT * FROM users WHERE username = '$username'
> AND password = '$password'");
>
> if(!$sql_query) {
> echo "Fatal error";
> exit();
> }
>
> $login_check = mysql_num_rows( $sql_query);
>
> echo "$login_che ck";
>
> if($login_check == 0) {
> include 'login_error.ph p';
> exit();
> }
>
> if($login_check == 1) {
>
> session_registe r('username');
> session_registe r('password');
> $_SESSION['username'] = $username;
> $_SESSION['password'] = $password;
>
> header("Locatio n: memberspage.php ");
> }
> ?>[/color]
Saying "it does not work" doesn't really help, but I'll try anyways....when
you md5() the password that the user enters, have the passwords in the
database already been changed to md5 hashes?

Re: Having problems with my php login script

Me wrote:
[color=blue]
> I made a login script which retrieves username and password from a
> database, I can get it to work if the passwords in the database are not
> encrypted and if I dont encrypt the password when it is entered, but if I
> encrypt the password that has been entered and try to match with the
> encrypted one in the database then it does not work, can anyone help me
> please, I have included both the sources here.[/color]

The SQL when you insert a new user's password:
INSERT INTO users SET password=MD5('$ password')

When you try to match passwords, where the user-entered password is in the
variable $pw:
SELECT * FROM users WHERE password=MD5('$ pw')

In the same way, you can use the MySQL PASSWORD() function to encrypt
passwords.

..:Albe

--