Page 1 of 1

MD5 Login

Posted: Wed Nov 24, 2010 9:45 am
by brmcdani44
I have developed a login system that utilizes md5 password protection before but for some reason I am having trouble getting this one to check out. I may be having a bad day of coding or something I don't know!

Anyways here is some code I would like to get someone to take a second look at. Thanks in advance!

Code: Select all

<?php
session_start();
include('dbconn.php');
// User is already logged in, they don't need to se this page.
if(isset($_SESSION['username'])){
header("Location:index.php");
exit();
}
if(isset($_POST['login'])){
$email = $_POST['email'];
$password = $_POST['password'];
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)){
header("Location:login.php");
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)){
header("Location:login.php");
}else{
$user=mysql_real_escape_string($_POST['email']);
$pass=mysql_real_escape_string(md5($_POST['password']));
$sql = "SELECT * FROM users WHERE email='$user' AND password='$pass'";
$result = mysql_query($sql);
//check that at least one row was returned
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){
//start the session and register a variable
session_start();
session_register('username');
//successful login code will go here...
header( "Location: index.php");
exit();
}
}else{
//if nothing is returned by the query, unsuccessful login code goes here...
$error = '<div class="error_message">Incorrect username or password. Please try again.</div>';
}
}
}
include('header.php');
?>
<h3>Login2</h3>
<?php echo $error;?>
<form method="POST" action="">
<label>Email</label><input type="text" name="email" size="20">
<br />
<label>Password</label><input type="password" name="password" size="20">
<br />
<input type="submit" value="Submit" name="login">
</form>
<?php include('footer.php');?>

Re: MD5 Login

Posted: Wed Nov 24, 2010 10:23 am
by pickle
What in particular isn't working? Some code indentation would really make it more clear. Also, don't use addslashes() on the username, user mysql_real_escape_string().

Re: MD5 Login

Posted: Wed Nov 24, 2010 10:41 am
by brmcdani44
It will just not allow the user to login and it throws my custom error message. The password is inserted into the database in md5 format.

Re: MD5 Login

Posted: Wed Nov 24, 2010 5:51 pm
by pickle
Throw in some echo statements & see where exactly it's failing.