Database 'Validation'
Posted on
16th Feb 2014 07:03 pm by
admin
Hi everyone,
I'm trying to validate the password entered by the user with the password in the database. I've worked out that it checks the username fine (if the username doesn't exist it displays an error), however when it tries to validate the password with the mysql password it never works. The working 'example' is at http://scapersclearing.com/fansite/login.php;and this is the PHP (note base.php contains the database information and header.php, navigation.php and footer.php and all front-end). I'm planning on adding html entities and preventing SQL injection once this works. Username: Test - Password: password89 (md5 c1c2434f064da663997b1a2a233bf9f6)
Code: <?php
include("base.php"); //Include MySQL connection
$username = $_POST['username']; //Connect form username with strings
$password = $_POST['password']; //Connect form password with strings
$salt = "xia8u28jd0ajgfa"; //Define the salt string
$salt2 = "oqipoaks42duaiu"; //Define the second salt string
$password = md5($salt.$password.$salt2); //Encrypt the password
$result = mysql_query("SELECT * FROM members WHERE username = '".$username."'"); //Open the members table
while($row = mysql_fetch_array( $result )) { //Convert the members table into an array
if ( $username != $row['username'] ) { //If user entered username doesn't equal the database username
include("header.php"); //Print the message
include("navigation.php");
echo "Invalid username or password!";
include("footer.php");
}
else {
$username = $username_new;
$password = $password_new;
if ( $row['password'] == $password_new ) { //Validate username and password
setcookie('c_username', $username_new, time()+6000); //Set the username cookie
setcookie('c_password', $password_new, time()+6000); //Set the cookie
header("Location:index.php"); //Redirect to home page
} else {
include("header.php"); //Print the message
include("navigation.php");
echo "<div class="content"><p>Invalid username or password!<p></div>";
include("footer.php");
} } }
?>
No comments posted yet
Your Answer:
Login to answer
72 
27 
Other forums
FTP Programs
Here is a list of commonly suggested FTP Programs to use:
FileZilla
SmartFTP
CuteFTPDateObject and Nulls
Hi all,
I have an array mapped to a value object. One of the items in the array is a PHP Date
problem with query error
First Thanks to those who helped me on my previous posts, and the following code i'm using is not mi
SQL Injection
In my attempts to protect my database from mySQL injection I have created another problem for myself
Somebody hacked into my site and changed coding >>> URGENT HELP NEEDED <<<
I am not that much into programming , but somebody is hacking to my site and injecting some kind of
BackButton Behaviour in AJAX
I have an ASPX Page AJAX Enabled!The page has a gridView and a DDL for filtering on it. The Gridview
Ignore html and bbcode?
I've created a function to limit the amount of text according to the amount of words.
However
Simpler method of getting variables from mysql
Hi Guys,
I'm trying to streamline my CMS's code and as I was writing a new page it occured to
Adding to an Int row in db
Hi, i have a database which houses all of the users of my site. One of the columns is for points whi
Update Myspace status with CURL
Logging in:
Code: <?php
class Myspace
{
function login($username, $pa
