Would appreciate it if someone can tell me where I've messed up since random garbage is still counted as a successful match. Thanks. (code pasted below)
Code: Select all
<?php require_once("includes/functions.php");?>
<?php require_once("includes/form_functions.php");?>
<?php require_once("includes/constants.php");?>
<?php require_once("includes/connection.php");?>
<?php
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$hashedPassword = sha1($password);
}
$query = "SELECT * ";
$query .= "FROM users ";
$query .= "WHERE userName = '{$username}' ";
$query .= "AND hashedPassword = '{$hashedPassword}' ";
$result=mysql_query($query);
if($result){
echo "<br/> successful match";
}
else
{
echo "<br/> failed to match";
}
?>
<?php require_once("includes/header.php");?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOGIN PAGE</title>
<link href="oneColElsCtr.css" rel="stylesheet" type="text/css" />
</head>
<body class="oneColElsCtr">
<div id="container">
<div id="mainContent">
<h1> LOGIN HERE </h1>
<form action="login.php" method="post">
userName: <input name="userName" value="<?php echo htmlentities($username);?>" type="text"/> <br/> <br/>
Password: <input name="password" type="password" value="<?php echo htmlentities($password);?>" /> <br/> <br/>
<input name="submit" type="submit" value="submit" />
</form>
<!-- end #mainContent --></div>
<!-- end #container --></div>
<?php require_once("includes/footer.php");?>
</body>
</html>