The trouble im having is with the mysql query. Im wanting it to search the table userdb for email address and passwords matching the one entered by the user.
I have the email field in my db set as primary key.
Code: Select all
<?php
session_start();
# If Magic Quotes are enabled, stripslashes()
if(get_magic_quotes_gpc()) {
$input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
while(list($k, $v) = each($input)) {
foreach($v as $key => $val) {
if(!is_array($val)) {
$input[$k][$key] = stripslashes($val);
continue;
}
$input[] =& $input[$k][$key];
}
}
unset($input);
}
# Fetch POST Vars
/* Check for existence before referencing a variable! */
/* Adding slashes does NOT protect you from SQL Injection. Use: mysql_real_escape_string() */
$email = isset($_POST['email']) ? $_POST['email'] : '';
$password = isset($_POST['password']) ? $_POST['password']: '';
# Hash $password
$password = hash('sha512', $password);
# Connect to the MySql Database
$mysql = mysql_connect('localhost', 'root');
# Select Database to use
mysql_selectdb('mobgame');
# Mysql query
$result = mysql_query("SELECT * FROM `userdb` WHERE `email` = '$email' AND 'password' = '$password' ");
# check if enail, and password found.
If(mysql_num_rows($result) == 1) {
$_SESSION['user'] = $_POST['email'];
header("location: main.php");
}
else {
echo "<a href=\"index.php\">Invalid user name or password click here to try again</a>";
exit;
}
?>