login validation

Posted: Tue Mar 23, 2010 5:25 am
by mainakvn
Can anyone tell me why the test bolded below is not working? Can anyone help!!!!
<?php
include("config.php");
?>
<?php
//retrieve data from POST
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2)
{
    header('Location: register.php');
}
elseif(strlen($username) > 30){
    header('Location: register.php');
}
else{
    $hash = sha1($pass1);
    function createSalt()
    {
        $string = md5(uniqid(rand(),true));
        return substr($string, 0, 3);
    }
    $salt = createSalt();

    $hash = sha1($salt . $hash);
    $conn = mysql_connect($dbhost, $dbuser, $dbpassword);
    //if(!$conn){echo "Error in connection";}
    //else{echo "connection successful";}
    mysql_select_db($dbname, $conn);

    //sanitize username
    $username = mysql_real_escape_string($username);

    $query = "INSERT INTO users (username, password, salt) VALUES('$username', '$hash', '$salt');";
    mysql_query($query);

    //make sure it was inserted successfully
    //if(!mysql_insert_id())
    //{
    //die("Error: user not added to database");
    //}
    //else {echo "successiful register";}
    Header('Location: register.php');
    mysql_close();
}

Re: login validation

Posted: Tue Mar 23, 2010 11:09 am
by mhdryz
What type of method are you using for sending data? POST or GET method?

After that, display $pass1 and $pass2.

echo $_REQUEST["pass1"];

echo $_REQUEST["pass2"];

Re: login validation

Posted: Thu Mar 25, 2010 6:54 am
by mainakvn
I am using POST.

Re: login validation

Posted: Thu Mar 25, 2010 11:32 am
by flying_circus
mainakvn wrote: Can anyone tell me why the test bolded below is not working? Can anyone help!!!!
You'll need to post your HTML form that was used to get to this page. Asking why a comparison operator doesn't behave the way you expect tells me that there is a problem with the way you are handling input.

Code:

<?php
include("config.php");
?>
<?php
# Verify we arrived here through a POST
  if(isset($_SERVER['REQUEST_METHOD']) && mb_strtolower($_SERVER['REQUEST_METHOD']) == "post") {
  # Retrieve data from POST
    $username = (isset($_POST['username'])) ? $_POST['username'] : '';
    $pass1 = (isset($_POST['pass1'])) ? $_POST['pass1'] : '';
    $pass2 = (isset($_POST['pass2'])) ? $_POST['pass2'] : '';
    
  # Validation
    if($pass1 != $pass2) {
      header('Location: register.php');
      exit();
    }
    
    if(strlen($username) > 30){
      header('Location: register.php');
      exit();
    }
    
  # Prepare Data
    $salt = substr(md5(uniqid(rand(),true)), 0, 3);
    $hash = sha1($salt . sha1($pass1));
    
  # Connect to the database
    $conn = mysql_connect($dbhost, $dbuser, $dbpassword);
    mysql_select_db($dbname, $conn);
 
  # Sanitize username
    $username = mysql_real_escape_string($username);
    
  # Execute Query
    $query = "INSERT INTO `users` (`username`, `password`, `salt`) VALUES ('$username', '$hash', '$salt');";
    mysql_query($query);
    
  # Close Database Connection
    mysql_close();
    
  # Redirect
    header('Location: register.php');
    exit();
  }
?>
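
A hardened version of the registration handler discussed in this thread, as an added example that is not any poster's code: it uses strict comparison for the two password fields, `password_hash()` in place of the salted `sha1()`, and a PDO prepared statement in place of `mysql_real_escape_string()`. The `register()` function, the in-memory SQLite database standing in for the MySQL `users` table, and the sample submissions are assumptions made so it runs stand-alone on PHP 7.4 or later.

```php
<?php
// Added example (not from the thread). Assumes PHP 7.4+ with pdo_sqlite;
// the in-memory SQLite database stands in for the thread's MySQL `users` table.
declare(strict_types=1);

function register(PDO $db, array $post): string
{
    // Read fields defensively; reject non-string input such as pass1[]=x.
    $username = $post['username'] ?? '';
    $pass1    = $post['pass1'] ?? '';
    $pass2    = $post['pass2'] ?? '';
    if (!is_string($username) || !is_string($pass1) || !is_string($pass2)) {
        return 'invalid input';
    }
    // Strict comparison: with != the numeric strings "1e3" and "1000" compare equal.
    if ($pass1 === '' || $pass1 !== $pass2) {
        return 'password mismatch';
    }
    if ($username === '' || strlen($username) > 30) {
        return 'bad username';
    }
    // password_hash() generates its own random salt and uses a slow algorithm,
    // so no separate salt column or sha1() call is needed.
    $hash = password_hash($pass1, PASSWORD_DEFAULT);
    // A prepared statement keeps the username out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    try {
        $stmt->execute([$username, $hash]);
    } catch (PDOException $e) {
        return 'insert failed';   // here: the UNIQUE constraint on username
    }
    return 'registered';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE NOT NULL, password TEXT NOT NULL)');
// Constructed sample submissions standing in for $_POST.
$samples = [
    ['username' => 'alice', 'pass1' => '1e3', 'pass2' => '1000'],
    ['username' => "o'brien", 'pass1' => 'correct horse', 'pass2' => 'correct horse'],
    ['username' => "o'brien", 'pass1' => 'other', 'pass2' => 'other'],
];
foreach ($samples as $s) {
    echo $s['username'], ': ', register($db, $s), PHP_EOL;
}
$stored = $db->query("SELECT password FROM users WHERE username = 'o''brien'")->fetchColumn();
var_dump(password_verify('correct horse', $stored));
```

At login, check the submitted password with `password_verify()` against the stored value rather than re-hashing and comparing strings.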