login validation
Posted: Tue Mar 23, 2010 5:25 am
can anyone tell me why the test bolded below is not working can anyone help!!!!
<?php
include("config.php");
?>
<?php
//retrieve data from POST
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2)
{
header('Location: register.php');
}
elseif(strlen($username) > 30){
header('Location: register.php');
}
else{
$hash = sha1($pass1);
function createSalt()
{
$string = md5(uniqid(rand(),true));
return substr($string, 0, 3);
}
$salt = createSalt();
$hash = sha1($salt . $hash);
$conn = mysql_connect($dbhost, $dbuser, $dbpassword);
//if(!$conn){echo "Error in connection";}
//else{echo "connection successful";}
mysql_select_db($dbname, $conn);
//sanitize username
$username = mysql_real_escape_string($username);
$query = "INSERT INTO users (username, password, salt) VALUES('$username', '$hash', '$salt');";
mysql_query($query);
//make sure was inserted successifully
//if(!mysql_insert_id())
//{
//die("Error: user not added to database");
//}
//else {echo "successiful register";}
Header('Location: register.php');
mysql_close();
}
<?php
include("config.php");
?>
<?php
//retrieve data from POST
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2)
{
header('Location: register.php');
}
elseif(strlen($username) > 30){
header('Location: register.php');
}
else{
$hash = sha1($pass1);
function createSalt()
{
$string = md5(uniqid(rand(),true));
return substr($string, 0, 3);
}
$salt = createSalt();
$hash = sha1($salt . $hash);
$conn = mysql_connect($dbhost, $dbuser, $dbpassword);
//if(!$conn){echo "Error in connection";}
//else{echo "connection successful";}
mysql_select_db($dbname, $conn);
//sanitize username
$username = mysql_real_escape_string($username);
$query = "INSERT INTO users (username, password, salt) VALUES('$username', '$hash', '$salt');";
mysql_query($query);
//make sure was inserted successifully
//if(!mysql_insert_id())
//{
//die("Error: user not added to database");
//}
//else {echo "successiful register";}
Header('Location: register.php');
mysql_close();
}