MD5 Login
Posted: Wed Nov 24, 2010 9:45 am
I have developed a login system that utilizes md5 password protection before but for some reason I am having trouble getting this one to check out. I may be having a bad day of coding or something I don't know!
Anyways here is some code I would like to get someone to take a second look at. Thanks in advance!
Anyways here is some code I would like to get someone to take a second look at. Thanks in advance!
Code: Select all
<?php
session_start();
include('dbconn.php');
// User is already logged in, they don't need to se this page.
if(isset($_SESSION['username'])){
header("Location:index.php");
exit();
}
if(isset($_POST['login'])){
$email = $_POST['email'];
$password = $_POST['password'];
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)){
header("Location:login.php");
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)){
header("Location:login.php");
}else{
$user=mysql_real_escape_string($_POST['email']);
$pass=mysql_real_escape_string(md5($_POST['password']));
$sql = "SELECT * FROM users WHERE email='$user' AND password='$pass'";
$result = mysql_query($sql);
//check that at least one row was returned
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){
//start the session and register a variable
session_start();
session_register('username');
//successful login code will go here...
header( "Location: index.php");
exit();
}
}else{
//if nothing is returned by the query, unsuccessful login code goes here...
$error = '<div class="error_message">Incorrect username or password. Please try again.</div>';
}
}
}
include('header.php');
?>
<h3>Login2</h3>
<?php echo $error;?>
<form method="POST" action="">
<label>Email</label><input type="text" name="email" size="20">
<br />
<label>Password</label><input type="password" name="password" size="20">
<br />
<input type="submit" value="Submit" name="login">
</form>
<?php include('footer.php');?>