logging into database after using crypt
Posted: Thu Jul 22, 2010 10:18 pm
hi.
i have created a user login form and am having a problem verifying the password. my registration form works as it encrypts the password just fine. i just need to compare the password they type in to the encrypted one. any help would be appreciated.
thx.
i have created a user login form and am having a problem verifying the password. my registration form works as it encrypts the password just fine. i just need to compare the password they type in to the encrypted one. any help would be appreciated.
thx.
Code: Select all
<?php
// Address error handling.
ini_set('display_errors',0);// hides error messages. Can be turned on or off. Best to be off on live server.
error_reporting(E_All & ~ E_NOTICE); // Don't show all notices
?>
<html>
<form action="<?php echo $PHP_SELF;?>" method="post">
<table width="366" height="310" border="0" align="center" cellpadding="1" cellspacing="1">
<tr>
<td><br>
<table width="325" border="1" align="center" cellpadding="0" cellspacing="1">
<tr>
<td align="center" bgcolor="#EBE9EA"><br> <img src="alogin.jpg" width="296" height="80"><br>
<br></td>
</tr>
<tr>
<td align="center" bgcolor="#EBE9EA"><table width="267" border="0" cellspacing="1" cellpadding="1">
<tr>
<td><p><br>
Username: <br>
<input name="username" type="text" size="40">
<br />
Password:<br>
<input name="password" type="password" size="40">
<br />
<br>
<input type="submit" value="Log In">
</p></td>
</tr> <?php
if (!empty($_POST)) {
session_start();
// Address error handling.
ini_set('display_errors',0);// hides error messages. Can be turned on or off. Best to be off on live server.
error_reporting(E_All & ~ E_NOTICE); // Don't show all notices
$username = $_POST['username'];
$password=$_POST['password'];
$password=md5($password);
if ($username&&$password) {
$connect = mysql_connect("localhost", "root", "mypass") or die("Couldn't Connect to the database");
mysql_select_db("users") or die ("Couldn't find the database");
$query = mysql_query("SELECT * FROM author WHERE name='$username'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
while ($row=mysql_fetch_assoc($query))
{
$dbusername=$row['name'];
$dbpassword=$row['password'];
// check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
echo "You have successfully signed in! <br /> <a href='index.html'>Click here</a> to enter the members page. ";
$_SESSION['name']=$username;
}
else
echo "incorrect password";
}
} else {
print 'That user doesnt exist';
}
}
else {
print 'Please enter a username and password';
}}
?>
</table>
<br></td>
</tr>
</table>
<br></td>
</tr>
</table>
<p> </p>
</form>
</html>