PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
What's the password() function?... I can't see it anywhere in the manual on php.net. Did you get a code snippet for this? If you post the function snippet then it's probably easy to decrypt
Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your application.
if (empty($_POSTї'password1']))
{
$pw = FALSE;
$message .= 'Enter your password!<br>';
}
else
{
if ($_POSTї'password1'] == $_POSTї'password2'])
{
$pw = $_POSTї'password1'];
}
else
{
echo 'Your password did not match the confirmed password!<br>';
}
}
if ($fn && $ln && $un && $pw && $e)
{
$query = "INSERT INTO users(firstname, lastname, username, password, email)
values('$fn','$ln','$un', '$pw', '$e')";
$result = @mysql_query($query);
if ($result)
{
echo '<b>You have been registered</b><br>';
exit();
}
else
{
$message = 'You could not be registered due to system error.<br>'.mysql_error();
}
if (empty($_POSTї'password']))
{
$pw = FALSE;
$message .= 'Please enter your password!<br>';
}
else
{
$pw = stripslashes($_POSTї'password']);
}
//if username and password OK...
if ($un && $pw)
{
$query = "SELECT userID, firstname FROM users WHERE username='$un' AND password='$pw'";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row)
{ $_SESSIONї'firstname'] = $rowї1];
$_SESSIONї'userID'] = $rowї0];
header ("Location: http://" . $_SERVERї'HTTP_HOST'] . dirname($_SERVERї'PHP_SELF']) . "/template.php");
exit();
}
else
{
$message = 'The username and password entered do not match.<br>';
}
the problem is, i can encrypt the password during registration using passwor(), but when i log in, i cannot access the next page for password mismatch...
btw, i really suggest you to read the MySQL manual.. Because it has some things to say about that PASSWORD function.. (As in that it's not a good idea to use it...)