Unable to login!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
azycraze
Forum Commoner
Posts: 56
Joined: Mon Oct 24, 2011 12:08 pm
Location: India

Unable to login!!

Post by azycraze »

hi friends, I am stuck with my login script.
here are my two functions which register and login a user.
the registration of a user works correctly, but I am unable to login with the registered username and password.
I think the problem is with incorrect usage of mysql escape string and md5.

Code: Select all

  function register($data){
	global $db;
	$password = "MD5('".$data['password']."')";
    foreach ($data as $k => $v ) $data[$k] = "'".escape($v)."'";
    $data['password'] = $password;
    $db->query("INSERT INTO `users` (`".implode('`, `', array_keys($data))."`) VALUES (".implode(", ", $data).")");
    return (int)mysql_insert_id($db->connection);
  }

  
  function login($uname, $password)
  	{		
             global $db;
    	$uname    = escape($uname);
    	$password = $originalPassword = escape($password);
		$password = "MD5('$password')";
		$res = $db->query("SELECT * FROM `users` 
		WHERE `username` = '$uname' AND `password` = $password LIMIT 1",__LINE__);
		if ( @mysql_num_rows($res) == 0)
		{
			return false;
		}
			else
		{
			return true;
		}
	}
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Unable to login!!

Post by requinix »

Well there's one problem.

Code: Select all

$password = "MD5('".$data['password']."')";
foreach ($data as $k => $v ) $data[$k] = "'".escape($v)."'";
Those lines should be the other way around so the password is escaped before you put it into the SQL.

Otherwise have you checked the values of the assorted variables? That register works correctly and that login gets the right values?
Post Reply