[simple, i know but im new!! password help]

jenk - i dont understand what your tryting to say.  I tried to log in with those 'credentials' but it doesnt work...it simply states the username is not in the database/.  Also, could you explain what vulnerabilities are in my SQL statements?

THanks again!

[simple, i know but im new!! password help]

hi guys

im building a registration and login system for my site...i've read about the md5 but however i put it in my code i cant seem to get it to work...is md5 the best out there, or would something stronger be better...anyway, here is my code --> where do i put in the bit for encrypting the passwords...

===========================

[code]<?php

include("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());


// Define post fields into simple variables
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$realname = $_POST['realname'];
$location = $_POST['location'];
$usertatts = $_POST['usertatts'];
$usercomments = $_POST['usercomments'];


// Do some error checking on the form posted fields

if((!$username) || (!$password) || (!$email) || (!$realname)){
    echo 'You did not submit the following required information! <br />';
    if(!$username){
        echo "username is a required field. Please enter it below.<br />";
    }
    if(!$password){
        echo "password is a required field. Please enter it below.<br />";
    }
    if(!$email){
        echo "Email Address is a required field. Please enter it below.<br />";
    }
    if(!$realname){
        echo "realname is a required field. Please enter it below.<br />";
    }
    include 'register.html'; // Show the form again!
   
    exit(); // if the error checking has failed, we'll exit the script!
}


// Let's do some checking

$sql_email_check = mysql_query("SELECT email FROM users
            WHERE email='$email'");
$sql_username_check = mysql_query("SELECT username FROM users
            WHERE username='$username'");

$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);

if(($email_check > 0) || ($username_check > 0)){
    echo "Please fix the following errors: <br />";
    if($email_check > 0){
        echo "<strong>Your email address has already been used by another member
        in our database. Please submit a different Email address!<br />";
        unset($email);
    }
    if($username_check > 0){
        echo "The username you have selected has already been used by another member
          in our database. Please choose a different Username!<br />";
        unset($username);
    }
    include 'register.html'; // Show the form again!
    exit();  // exit the script so that we do not create this account!
} else {





// insert the data
$insert = mysql_query("insert into $table values ('NULL', '".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."', '".$_POST['realname']."', '".$_POST['location']."', '".$_POST['usertatts']."', '".$_POST['usercomments']."')")
or die("Could not insert data because ".mysql_error());

// print a success message
echo "Your user account has been created!<br>";
echo "Now you can <a href=login.html>log in</a>";
}

?>
[/code]


===========================


thanks guys, marty

[Is PHP going to be safe enough?]

Hi guys,

Just a question.  Shortly, I will be setting up a national website with paying members for services rendered.  The members will have their own login/password and membership area.

Im trying to decide between PHP and ASP.  I know how to program PHP/MySQL so I wanna stick to this.  Is this going to be safe enough on the web to avoid hackers etc, or is ASP safer?

Thanks for your help,

Josh.