Page 1 of 1

Unable to login!!

Posted: Tue Apr 30, 2013 8:55 am
by azycraze
hi friends, I am stuck with my login script.
here are my two functions which register and login a user.
the registration of a user works correctly, but I am unable to login with the registered username and password.
I think the problem is with incorrect usage of mysql escape string and md5.

Code: Select all

  function register($data){
	global $db;
	$password = "MD5('".$data['password']."')";
    foreach ($data as $k => $v ) $data[$k] = "'".escape($v)."'";
    $data['password'] = $password;
    $db->query("INSERT INTO `users` (`".implode('`, `', array_keys($data))."`) VALUES (".implode(", ", $data).")");
    return (int)mysql_insert_id($db->connection);
  }

  
  function login($uname, $password)
  	{		
             global $db;
    	$uname    = escape($uname);
    	$password = $originalPassword = escape($password);
		$password = "MD5('$password')";
		$res = $db->query("SELECT * FROM `users` 
		WHERE `username` = '$uname' AND `password` = $password LIMIT 1",__LINE__);
		if ( @mysql_num_rows($res) == 0)
		{
			return false;
		}
			else
		{
			return true;
		}
	}

Re: Unable to login!!

Posted: Tue Apr 30, 2013 12:24 pm
by requinix
Well there's one problem.

Code: Select all

$password = "MD5('".$data['password']."')";
foreach ($data as $k => $v ) $data[$k] = "'".escape($v)."'";
Those lines should be the other way around so the password is escaped before you put it into the SQL.

Otherwise have you checked the values of the assorted variables? That register works correctly and that login gets the right values?