Dear all,
I am new to PHP. Here I want to develop a login page. What's wrong in the following page?
<?php
include ('/includes/dbConfig.php');
session_start();
// username and password sent from form
$email=$_POST['email'];
$password=md5($_POST['password']);
// To protect MySQL injection (more detail about MySQL injection)
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$query="SELECT * FROM member_info WHERE email='$email' and password='$password'";
$result=mysql_query($query);
if (mysql_num_rows($result) != 1) {
//$error = "Bad Login";
echo "Bad Login";
}
else
{
header("location:index.php");
}
?>
Regards:
Muhammad Nadeem
unable to login
Re: unable to login
What kind of error or problem do you get?
nadeem14375 wrote: $password=md5($_POST['password']);
It's been pointed out before: it's good that you hash the password but NOT with md5 and NOT without salt. See password security rule #1 especially about hashing.
nadeem14375 wrote: else { header("location:index.php"); }
How does this prevent anyone from not logging in and just going straight to index.php?
nadeem14375
Re: unable to login
Thanks dear,
1. I have inserted the password md5(). Can you suggest how to do md5()?
2. By else { header("location:index.php"); } I want to redirect the user to index page and now he can select items from a list.
Re: unable to login
nadeem14375 wrote: 1. i have inserted the password md5(). can you suggest how do md5()?
Well the idea is to NOT use md5.
As suggested by the Gimbal's link above, instead of md5($password) you should do something like:
Code:
hash( 'sha512' , $password . "gI8sj25wq^yH86J#xvp/bMdZ2-ug!mrQiSB" . $member_id )
nadeem14375 wrote: 2. by else { header("location:index.php"); } I want to redirect the user to index page and now he can select items from a list.
Ok, but your code essentially does this:
Code:
if (password not correct)
{
echo "Bad Login";
}
else
{
redirect to index.php
}
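An added example, not code from any poster in this thread: one way to address both points raised above, the unsalted md5 and the redirect that leaves index.php reachable without logging in. It swaps the thread's mysql_* calls for PDO prepared statements and uses PHP's password_hash()/password_verify() (per-user salt built in) in place of the salted sha512 suggestion; the password_hash column, login.php and the sample member row are assumptions.

```php
<?php
// Added example (not from the thread). Assumes PHP 7.1+ with PDO and pdo_sqlite.
// The password_hash column and login.php are hypothetical names.
function check_login(PDO $db, string $email, string $password): ?int
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM member_info WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() reads the algorithm, cost and per-user salt from the stored hash.
    if ($row !== false && password_verify($password, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null;
}

// login.php: record the successful login in the session before redirecting.
function login(PDO $db, string $email, string $password): bool
{
    $id = check_login($db, $email, $password);
    if ($id === null) {
        return false;                  // caller shows "Bad Login"
    }
    session_regenerate_id(true);       // fresh session id after authentication
    $_SESSION['member_id'] = $id;
    return true;                       // caller sends header('Location: index.php')
}

// index.php (and every other protected page): call this before any output.
function require_login(): void
{
    if (empty($_SESSION['member_id'])) {
        header('Location: login.php');
        exit;
    }
}

if (PHP_SAPI === 'cli') {              // offline demo with a constructed member row
    session_start();
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE member_info (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)');
    $db->prepare('INSERT INTO member_info (email, password_hash) VALUES (?, ?)')
       ->execute(['user@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    $bad  = login($db, 'user@example.com', 'wrong');
    $good = login($db, 'user@example.com', 'correct horse');
    var_dump($bad, $good, $_SESSION['member_id']);
}
```

In a web request, call session_start() at the top of both login.php and index.php before login() or require_login() runs.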