can anyone tell me why the test bolded below is not working can anyone help!!!!
<?php
include("config.php");
?>
<?php
//retrieve data from POST
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2)
{
header('Location: register.php');
}
elseif(strlen($username) > 30){
header('Location: register.php');
}
else{
$hash = sha1($pass1);
function createSalt()
{
$string = md5(uniqid(rand(),true));
return substr($string, 0, 3);
}
$salt = createSalt();
$hash = sha1($salt . $hash);
$conn = mysql_connect($dbhost, $dbuser, $dbpassword);
//if(!$conn){echo "Error in connection";}
//else{echo "connection successful";}
mysql_select_db($dbname, $conn);
//sanitize username
$username = mysql_real_escape_string($username);
$query = "INSERT INTO users (username, password, salt) VALUES('$username', '$hash', '$salt');";
mysql_query($query);
//make sure was inserted successifully
//if(!mysql_insert_id())
//{
//die("Error: user not added to database");
//}
//else {echo "successiful register";}
Header('Location: register.php');
mysql_close();
}
login validation
Moderator: General Moderators
Re: login validation
what type of method you are using for sending data? post or get method?
after that display $pass1 and $pass2.
echo $_REQUEST["pass1"];
echo $_REQUEST["pass2"];
after that display $pass1 and $pass2.
echo $_REQUEST["pass1"];
echo $_REQUEST["pass2"];
Re: login validation
Am using post
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: login validation
You'll need to post your HTML form that was used to get to this page. Asking why a comparison operator doesnt behave the way you expect, tells me that there is a problem with the way you are handling input.mainakvn wrote:can anyone tell me why the test bolded below is not working can anyone help!!!!
Code: Select all
<?php
include("config.php");
?>
<?php
# Verify we arrived here through a POST
if(isset($_SERVER['REQUEST_METHOD']) && mb_strtolower($_SERVER['REQUEST_METHOD']) == "post") {
# Retrieve data from POST
$username = (isset($_POST['username'])) ? $_POST['username'] : '';
$pass1 = (isset($_POST['pass1'])) ? $_POST['pass1'] : '';
$pass2 = (isset($_POST['pass2'])) ? $_POST['pass2'] : '';
# Validation
if($pass1 != $pass2) {
header('Location: register.php');
exit();
}
if(strlen($username) > 30){
header('Location: register.php');
exit();
}
# Prepare Data
$salt = substr(md5(uniqid(rand(),true)), 0, 3);
$hash = sha1($salt . sha1($pass1));
# Connect to the database
$conn = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbname, $conn);
# Sanitize username
$username = mysql_real_escape_string($username);
# Execute Query
$query = "INSERT INTO `users` (`username`, `password`, `salt`) VALUES ('$username', '$hash', '$salt');";
mysql_query($query);
# Close Database Connection
mysql_close();
# Redirect
header('Location: register.php');
exit();
}
?>