Digitry Designs

  1. No as it's one of the requirements for a hash-function. How do you MD5 these passwords? Like:

         WHERE password = md5('$password');

     Then your website is in danger as hackers can use rainbow tables to retrieve a value that will match the MD5 stored in your database and it's best to use salts like:

         WHERE password = md5( concat( password_salt, md5( '$password' ) ) )

     The hacker now isn't able to use a rainbow table as the retrieved value wouldn't be correct.

     Thank you for your concern. I am not sure that it being required as a hash function answered my question or that maybe I did not understand it. Also I am a bit new with login scripting and so forth but here is what I have.

         <?php
         (((((my sql connect info))))))

         function cleanString($string){
             htmlentities(mysql_real_escape_string($string));
             return $string;
         }

         if(!$_SESSION['username'] || !$_SESSION['password']){
             $loggedIn = False;
         } else {
             $loggedIn = True;
         }

         <<<<<<<<this splits what is 2 files. Above is the session handler file, and the below is the login processing file.>>>>>>>>>>

         <there is an include_function here to include the above file>

         $username = cleanString($_POST['username']);
         $password = md5($_POST['password']);

         //If the fields are empty you must go back and fill them out
         if(empty($username) || empty($password)){
             echo 'You must enter a username and password!';
         }
         //lets compare the username to others in the database for a match
         else{
             $sql = mysql_query("SELECT * FROM users WHERE username='$username'");
             if(mysql_num_rows($sql) < 1){
                 echo 'That username does not exist.';
             }
             //if we do have a username match, now we can compare the username password to see if it is a match as well
             else{
                 $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
                 if(mysql_num_rows($sql2) < 1){
                     echo 'Your password is incorrect.';
                 }
                 //since everything worked out, lets log the user in
                 else{
                     $_SESSION['username'] = $username;
                     $_SESSION['password'] = $password;
                     echo '<meta HTTP-EQUIV="REFRESH" content="0; url=mail.php">';
                 }
             }
         }
         ?>

     How do I make it more secure and how do I make it so I can log in? Every time I try it says I put in the wrong password. Any ideas? Thank you for your help.
  2. Hello and thank you for reading. I am using the md5 statement to send passwords to the database and verifying and whatnot. I have used this same code in the past and I am simply migrating it to another database and site. So my question is, does collation matter if I am using the md5 statement? Thank you in advance.
  3. Wow, thank you so much JAY. That worked and helped a lot!! I really appreciate the help! By the way, I have been looking, how do I mark this post resolved?
  4. That would imply that you change the "or die" statement so that it also contains a mysqli_error(). You have two "or die()" statements. Which one are you receiving the output from, that you need to troubleshoot?

     Ok, I got it fixed. It is the query statement, not the connect statement. Well not fixed, I got the error. The error is:

         MYSQL ERROR: Duplicate entry '0' for key 'PRIMARY'

     How do I ascend the id number?
  5. Ok, so where would I put it exactly? If I put it in between the query and the or die statement, I get a syntax error. If I put it after the or die statement, it doesn't run because the code stops at or die and parses the custom error?
  6. Thank you JAY. Unfortunately it does nothing more than parse what is already there before I add the mysqli_error($dbc). It just says:

         MySQL Error: We are sorry, your email could not be sent at this time. Please try again in a few minutes

     Any ideas?
  7. Hello and thank you again for reading. Here is my problem. I am trying to connect to the database and post information from a form. It doesn't seem to be working. I have logged into my db and verified db name and table name is correct. I have verified the password is correct. Another person here suggested to add "mysql_error()" to the "or die" statement. How do I do this? I guess what I am asking is what would it look like? I googled the issue and came up with one solution that shows the mysql_error statement to go immediately after the table insert statement like this:

         $query = "INSERT INTO mail (name, organization, phone, email, description) " .
             "VALUES ('$name', '$organization', '$phone', '$email', '$description')";
         echo "MySQL Error:" . mysqli_error();

     I am afraid this is incorrect because I get this:

         Warning: mysqli_error() expects exactly 1 parameter, 0 given in C:\xampp\htdocs\digitrydesigns\templates\pro\include\process_mail.php on line 14
         MySQL Error:We are sorry, your email could not be sent at this time. Please try again in a few minutes

     This is the entire code:

         <?php
         $name = $_POST['name'];
         $organization = $_POST['organization'];
         $phone = $_POST['phone'];
         $email = $_POST['email'];
         $description = $_POST['description'];

         $dbc = mysqli_connect('localhost', 'root', 'nuv1420', 'digitry')
             or die('We are sorry, due to extensive server overload we were unable to process your mail.');

         $query = "INSERT INTO mail (name, organization, phone, email, description) " .
             "VALUES ('$name', '$organization', '$phone', '$email', '$description')";
         echo "MySQL Error:" . mysqli_error();

         $result = mysqli_query($dbc,$query)
             or die('We are sorry, your email could not be sent at this time. Please try again in a few minutes');

         mysqli_close($dbc);

         echo '<meta HTTP-EQUIV="REFRESH" content="0; url=../admin/digitrycms_panel.php">';
         ?>

     Can someone please help me out? I really appreciate it in advance. Thank you.
  8. Ok so I am trying to send information from a form to a database. It keeps giving me an error, to be specific, the error for querying the database. Any suggestions? Thank you in advance.

         <?php
         $name = $_POST['name'];
         $organization = $_POST['organization'];
         $phone = $_POST['phone'];
         $email = $_POST['email'];
         $description = $_POST['description'];

         $dbc = mysqli_connect('localhost', 'root', 'password', 'my_database')
             or die('We are sorry, due to extensive server overload we were unable to process your mail.');

         $query = "INSERT INTO mail (name, organization, phone, email, description) " .
             "VALUES ('$name', '$organization', '$phone', '$email', '$description')";

         $result = mysqli_query($dbc,$query)
             or die('We are sorry, your email could not be sent at this time. Please try again in a few minutes');

         mysqli_close($dbc);

         echo '<meta HTTP-EQUIV="REFRESH" content="0; url=../admin/digitrycms_panel.php">';
         ?>
  9. Lol, not exactly what I wanted to hear but thank you anyhow. I do appreciate your help.
  10. Thank you for the input! Is there a way to cache the images (I know there is a way to cache the images) or do you know how I would be able to cache the images for faster load time? Any input here would be very helpful. The site I am building is kind of graphic intense. Any ideas? Thank you again.
  11. Thank you for your help! Would you know a good direction to point me in? I know I can Google it, but that is what I usually do and after spending hours looking and trying, sometimes it is hard to find something that really works or is not an ad page for a book. I appreciate your help.
  12. Thank you for your help, I ended up having to simply move the .swf file into the root folder. I changed several areas where the url may have been indicated but no luck. Thank you again. I will just call this one not resolved but fixed enough.
  13. Hello and thank you for reading. Simply put, I am building my site and I currently have one page that "include_once();" several pages that hold the divs, i.e.

          <html>
          <head>
          <title></title>
          here are all my
          <link rel css/text href=template/css/main.css>
          <link rel css/text href=template/css/flash.css>
          and so on
          </head>
          <body>
          <?php
          include_once('header.php');
          include_once('menu.php');
          include_once('content.php');
          include_once('login.php');
          include_once('sidebar.php');
          include_once('footer.php');
          ?>
          </body>
          </html>

      Sorry for the crudeness in code but I think you get my point. Now I want to click on a link from the menu and say only the content.php and sidebar.php would change without forcing the user to reload the page on every click of a link. Any ideas? Thank you in advance.
  14. Ok, so I fixed the double tag issue and now I am getting the bgcolor of the <object> to show, but still no .swf file is being played. I change what I think is the url to flash/main.swf and ../flash/main.swf and just main.swf but still nothing but a bgcolor is displayed. The url where I changed it is in the embed src="flash/main.swf" ... correct? I really don't know what else to do.
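
The login check from post 1, reworked as an added example that is not the poster's code or anyone's reply from the thread: the username is bound as a query parameter, the password is stored with password_hash() (which generates and embeds its own per-user salt) and checked with password_verify(). It assumes the `users` table with `username` and `password` columns from the post, and uses PDO with an in-memory SQLite database in place of MySQL so it runs without a server; the sample account is constructed.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for MySQL.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// In MySQL, make the password column VARCHAR(255): a column that truncates
// the stored hash makes every later password_verify() call fail.
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL)');

// Registration: password_hash() picks a random salt and a slow algorithm,
// and stores both inside the returned string, so no salt column is needed.
function register(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the username travels as a bound parameter, never inside the SQL
// text, and the hash comparison happens in PHP, not in the WHERE clause.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // One result for "no such user" and "wrong password", so the response
    // does not reveal which usernames exist.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample account.
register($db, 'alice', 'correct horse battery staple');

// On success, keep only the username (or user id) in $_SESSION,
// never the password or its hash.
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, 'alice', 'wrong password'));
// A quote in the input is treated as data, so it matches no row.
var_dump(login($db, "alice' OR '1'='1", 'anything'));
```

The same parameter binding applies to the INSERT into `mail` in posts 7 and 8, where the form fields are currently interpolated straight into the query string.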