My script works without the md5 but not with the md5.
I cant figure out what im doing wrong. Its driving me crazy.. Please help.
Heres my sql.
CREATE TABLE `users` (
`id` int(10) NOT NULL auto_increment,
`username` varchar(50) NOT NULL,
`password` varchar(32) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
Heres how I added a single user to test the database.
<?php
mysql_connect("localhost", "----", "----") or die(mysql_error());
mysql_select_db("-------") or die(mysql_error());
$username = 'testuser';
$password = 'testpass';
mysql_query("INSERT INTO test (username, password) VALUES('". mysql_escape_string($username) ."', '".md5($password)."' ) ") or die(mysql_error());
?>
And here is my login script
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<div id="wrap">
<?php
mysql_connect("localhost", "-----", "-----") or die(mysql_error());
mysql_select_db("--------") or die(mysql_error());
if(isset($_POST['username']) && isset($_POST['password'])){
// Verify
$username = mysql_escape_string($_POST['username']);
$password = $_POST['password'];
$gUser = mysql_query("SELECT * FROM test WHERE username='".$username."' AND password='".$password."' LIMIT 1") or die(mysql_error());
$verify = mysql_num_rows($gUser);
if($verify > 0){
echo '<h2>Login Complete</h2>
<p>Thanks for logging in!</p>';
}else{
echo '<h2>Login Failed</h2>
<p>Sorry your login credentials are incorrect.';
}
}else{
?>
<h2>Login</h2>
<p>Please enter your login credentials to get access to the download area</p>
<form method="post" action="">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" value="" />
<label for="password">Password:</label><input type="text" name="password" value="" />
<input type="submit" value="Login" />
</fieldset>
</form>
<?php
}
?>
</div>
</body>
</html>