Page 1 of 1
login page problem
Posted: Thu Feb 03, 2005 7:34 am
by pleigh
hello,
i have a registration page to allow user to register to the mysql database, i already can encrypt the password using md5() function...now, the problem is, during login (in the login page), i cannot access the password using the same function md5().
can anybody help me with this concern??
thanks
pleigh
Posted: Thu Feb 03, 2005 8:02 am
by neophyte
Compare md5() passwords. So you take the password stored in mysql and compare it to md5($_POST['password'])
Code: Select all
if ($password == md5($_POSTї'password']))
{
////Set session or what have you...
}
Posted: Thu Feb 03, 2005 8:28 am
by pleigh
thanks neophyte, below is my code, hope u can modify it...or anyone in the forum can share...thanks again..
this is for the login page:
Code: Select all
//verify password
if (empty($_POSTї'password']))
{
$pw = FALSE;
$message .= 'Please enter your password!<br>';
}
else
{
$pw = stripslashes($_POSTї'password']);
}
//if username and password OK...
if ($un && $pw)
{
$query = "SELECT userID, firstname FROM users WHERE username='$un' AND password=md5('$pw')";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row)
{
$_SESSIONї'firstname'] = $rowї1];
$_SESSIONї'userID'] = $rowї0];
header ("Location: http://" . $_SERVERї'HTTP_HOST'] . dirname($_SERVERї'PHP_SELF']) . "/template.php");
exit();
}
else
{
$message = 'The username and password entered do not match.<br>';
}
and this is for my registration page:
Code: Select all
//validate password
if (empty($_POSTї'password1']))
{
$pw = FALSE;
$message .= 'Enter your password!<br>';
}
else
{
if ($_POSTї'password1'] == $_POSTї'password2'])
{
$pw = $_POSTї'password1'];
}
else
{
echo 'Your password did not match the confirmed password!<br>';
}
}
if ($fn && $ln && $un && $pw && $e)
{
$query = "INSERT INTO users(firstname, lastname, username, password, email)
values('$fn','$ln','$un', md5('$pw'), '$e')";
$result = @mysql_query($query);
if ($result)
{
echo '<b>You have been registered</b><br>';
exit();
}
else
{
$message = 'You could not be registered due to system error.<br>'.mysql_error();
}