Jump to content

joshspringsteen

New Members
  • Posts

    3
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

joshspringsteen's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. jenk - i dont understand what your tryting to say.  I tried to log in with those 'credentials' but it doesnt work...it simply states the username is not in the database/.  Also, could you explain what vulnerabilities are in my SQL statements? THanks again!
  2. hi guys im building a registration and login system for my site...i've read about the md5 but however i put it in my code i cant seem to get it to work...is md5 the best out there, or would something stronger be better...anyway, here is my code --> where do i put in the bit for encrypting the passwords... =========================== [code]<?php include("config.php"); // connect to the mysql server $link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error()); // select the database mysql_select_db($database) or die ("Could not select database because ".mysql_error()); // Define post fields into simple variables $username = $_POST['username']; $password = $_POST['password']; $email = $_POST['email']; $realname = $_POST['realname']; $location = $_POST['location']; $usertatts = $_POST['usertatts']; $usercomments = $_POST['usercomments']; // Do some error checking on the form posted fields if((!$username) || (!$password) || (!$email) || (!$realname)){     echo 'You did not submit the following required information! <br />';     if(!$username){         echo "username is a required field. Please enter it below.<br />";     }     if(!$password){         echo "password is a required field. Please enter it below.<br />";     }     if(!$email){         echo "Email Address is a required field. Please enter it below.<br />";     }     if(!$realname){         echo "realname is a required field. Please enter it below.<br />";     }     include 'register.html'; // Show the form again!         exit(); // if the error checking has failed, we'll exit the script! } // Let's do some checking $sql_email_check = mysql_query("SELECT email FROM users             WHERE email='$email'"); $sql_username_check = mysql_query("SELECT username FROM users             WHERE username='$username'"); $email_check = mysql_num_rows($sql_email_check); $username_check = mysql_num_rows($sql_username_check); if(($email_check > 0) || ($username_check > 0)){     echo "Please fix the following errors: <br />";     if($email_check > 0){         echo "<strong>Your email address has already been used by another member         in our database. Please submit a different Email address!<br />";         unset($email);     }     if($username_check > 0){         echo "The username you have selected has already been used by another member           in our database. Please choose a different Username!<br />";         unset($username);     }     include 'register.html'; // Show the form again!     exit();  // exit the script so that we do not create this account! } else { // insert the data $insert = mysql_query("insert into $table values ('NULL', '".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."', '".$_POST['realname']."', '".$_POST['location']."', '".$_POST['usertatts']."', '".$_POST['usercomments']."')") or die("Could not insert data because ".mysql_error()); // print a success message echo "Your user account has been created!<br>"; echo "Now you can <a href=login.html>log in</a>"; } ?> [/code] =========================== thanks guys, marty
  3. Hi guys, Just a question.  Shortly, I will be setting up a national website with paying members for services rendered.  The members will have their own login/password and membership area. Im trying to decide between PHP and ASP.  I know how to program PHP/MySQL so I wanna stick to this.  Is this going to be safe enough on the web to avoid hackers etc, or is ASP safer? Thanks for your help, Josh.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.