Page 1 of 1

login page problem

Posted: Thu Feb 03, 2005 7:34 am
by pleigh
hello,

i have a registration page to allow user to register to the mysql database, i already can encrypt the password using md5() function...now, the problem is, during login (in the login page), i cannot access the password using the same function md5().

can anybody help me with this concern??

thanks

pleigh

Posted: Thu Feb 03, 2005 8:02 am
by neophyte
Compare md5() passwords. So you take the password stored in mysql and compare it to md5($_POST['password'])

Code: Select all

if ($password == md5($_POSTї'password']))
{

////Set session or what have you...

}

Posted: Thu Feb 03, 2005 8:28 am
by pleigh
thanks neophyte, below is my code, hope u can modify it...or anyone in the forum can share...thanks again..

this is for the login page:

Code: Select all

//verify password
if (empty($_POSTї'password'])) 
{
$pw = FALSE;
$message .= 'Please enter your password!<br>';
&#125; 
else 
&#123;
$pw = stripslashes($_POST&#1111;'password']);
&#125;
						
//if username and password OK...
if ($un && $pw) 
&#123;
$query = "SELECT userID, firstname FROM users WHERE username='$un' AND password=md5('$pw')";		
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM); 
if ($row) 
&#123; 									
$_SESSION&#1111;'firstname'] = $row&#1111;1];
$_SESSION&#1111;'userID'] = $row&#1111;0];
header ("Location:  http://" . $_SERVER&#1111;'HTTP_HOST'] . dirname($_SERVER&#1111;'PHP_SELF']) . "/template.php");
exit();				
&#125; 
else 
&#123;
$message = 'The username and password entered do not match.<br>'; 
&#125;
and this is for my registration page:

Code: Select all

//validate password
if (empty($_POST&#1111;'password1']))
&#123;
$pw = FALSE;
$message .= 'Enter your password!<br>';
&#125;
else
&#123;
if ($_POST&#1111;'password1'] == $_POST&#1111;'password2'])
&#123;
$pw = $_POST&#1111;'password1'];
&#125;
else
&#123;
echo 'Your password did not match the confirmed password!<br>';
&#125;
&#125;

if ($fn && $ln && $un && $pw && $e)
&#123;
$query = "INSERT INTO users(firstname, lastname, username, password, email)
values('$fn','$ln','$un', md5('$pw'), '$e')";
$result = @mysql_query($query);
		
if ($result)
&#123;
echo '<b>You have been registered</b><br>';
exit();
&#125;
else
&#123;
$message = 'You could not be registered due to system error.<br>'.mysql_error();
&#125;