Another roadblock with login script
Posted: Thu Apr 29, 2010 11:35 pm
Alright, This is the script to check if a username, and password inputted in a form exist in the database. If so let them login.
The trouble im having is with the mysql query. Im wanting it to search the table userdb for email address and passwords matching the one entered by the user.
I have the email field in my db set as primary key.
The trouble im having is with the mysql query. Im wanting it to search the table userdb for email address and passwords matching the one entered by the user.
I have the email field in my db set as primary key.
Code: Select all
<?php
session_start();
# If Magic Quotes are enabled, stripslashes()
if(get_magic_quotes_gpc()) {
$input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
while(list($k, $v) = each($input)) {
foreach($v as $key => $val) {
if(!is_array($val)) {
$input[$k][$key] = stripslashes($val);
continue;
}
$input[] =& $input[$k][$key];
}
}
unset($input);
}
# Fetch POST Vars
/* Check for existence before referencing a variable! */
/* Adding slashes does NOT protect you from SQL Injection. Use: mysql_real_escape_string() */
$email = isset($_POST['email']) ? $_POST['email'] : '';
$password = isset($_POST['password']) ? $_POST['password']: '';
# Hash $password
$password = hash('sha512', $password);
# Connect to the MySql Database
$mysql = mysql_connect('localhost', 'root');
# Select Database to use
mysql_selectdb('mobgame');
# Mysql query
$result = mysql_query("SELECT * FROM `userdb` WHERE `email` = '$email' AND 'password' = '$password' ");
# check if enail, and password found.
If(mysql_num_rows($result) == 1) {
$_SESSION['user'] = $_POST['email'];
header("location: main.php");
}
else {
echo "<a href=\"index.php\">Invalid user name or password click here to try again</a>";
exit;
}
?>