Page 1 of 1

logging into database after using crypt

Posted: Thu Jul 22, 2010 10:18 pm
by cjkeane
hi.

i have created a user login form and am having a problem verifying the password. my registration form works as it encrypts the password just fine. i just need to compare the password they type in to the encrypted one. any help would be appreciated.
thx.

Code: Select all

<?php
// Address error handling.
ini_set('display_errors',0);// hides error messages. Can be turned on or off. Best to be off on live server.
error_reporting(E_All & ~ E_NOTICE); // Don't show all notices
?>
<html>

    <form action="<?php echo $PHP_SELF;?>" method="post">
        <table width="366" height="310" border="0" align="center" cellpadding="1" cellspacing="1">
          <tr>
            <td><br>
              <table width="325" border="1" align="center" cellpadding="0" cellspacing="1">
              <tr>
                <td align="center" bgcolor="#EBE9EA"><br>                  <img src="alogin.jpg" width="296" height="80"><br>
                <br></td>
              </tr>
              <tr>
                <td align="center" bgcolor="#EBE9EA"><table width="267" border="0" cellspacing="1" cellpadding="1">
                  <tr>
                    <td><p><br>
                      Username: <br>
                      <input name="username" type="text" size="40">
                      <br />
 Password:<br>
<input name="password" type="password" size="40">
<br />
<br>
<input type="submit" value="Log In">
                    </p></td>
                   
                  </tr> <?php
				  if (!empty($_POST)) {
session_start();


// Address error handling.
ini_set('display_errors',0);// hides error messages. Can be turned on or off. Best to be off on live server.
error_reporting(E_All & ~ E_NOTICE); // Don't show all notices

$username = $_POST['username'];
$password=$_POST['password'];
$password=md5($password);

if ($username&&$password) {
    $connect = mysql_connect("localhost", "root", "mypass") or die("Couldn't Connect to the database");
    mysql_select_db("users") or die ("Couldn't find the database");
    $query = mysql_query("SELECT * FROM author WHERE name='$username'");
    $numrows = mysql_num_rows($query);

    if ($numrows!=0)
        {
        while ($row=mysql_fetch_assoc($query))

            {
            $dbusername=$row['name'];
            $dbpassword=$row['password'];

            // check to see if they match
            if ($username==$dbusername&&$password==$dbpassword)
                {
                echo "You have successfully signed in! <br /> <a href='index.html'>Click here</a> to enter the members page.  ";
                $_SESSION['name']=$username;

                }
                else
                    echo "incorrect password";

            }

        } else {
        print 'That user doesnt exist';
        }

    }


else {
    print 'Please enter a username and password';
    }}
?>
                </table>
                <br></td>
              </tr>
              </table>
            <br></td>
          </tr>
        </table>
         
        <p>&nbsp;</p>
    </form>


</html>

Re: logging into database after using crypt

Posted: Thu Jul 22, 2010 11:11 pm
by Benjamin
Forum Rules wrote: 11. Please use proper, complete spelling when posting in the forums. AOL Speak, leet speak and other abbreviated wording can confuse those that are trying to help you (or those that you are trying to help). Please keep in mind that there are many people from many countries that use our forums to read, post and learn. They do not always speak English as well as some of us, nor do they know these aberrant abbreviations. Therefore, use as few abbreviations as possible, especially when using such simple words.
Forum Rules 1-1.1-1 wrote: Select the correct board for your query. Take some time to read the guidelines in the sticky topic.
You may also want to read:
  1. General Posting Guidelines
  2. Posting Code in the Forums
  3. PHP Manual
  4. PHP Tutorials
:arrow: Moved to PHP - Code