here are my two functions which register and login a user.
the registration of a user works correctly, but I am unable to login with the registered username and password.
I think the problem is with incorrect usage of mysql escape string and md5.
Code: Select all
function register($data){
global $db;
$password = "MD5('".$data['password']."')";
foreach ($data as $k => $v ) $data[$k] = "'".escape($v)."'";
$data['password'] = $password;
$db->query("INSERT INTO `users` (`".implode('`, `', array_keys($data))."`) VALUES (".implode(", ", $data).")");
return (int)mysql_insert_id($db->connection);
}
function login($uname, $password)
{
global $db;
$uname = escape($uname);
$password = $originalPassword = escape($password);
$password = "MD5('$password')";
$res = $db->query("SELECT * FROM `users`
WHERE `username` = '$uname' AND `password` = $password LIMIT 1",__LINE__);
if ( @mysql_num_rows($res) == 0)
{
return false;
}
else
{
return true;
}
}