I have inhereted a little problem, and can't seem to find an easy answer anywhere. The registration page from the site in question employs MD5 on the password without a hitch, but the login page does not want to work?
Neither the original password or the encrypted version will result in successful login (i tried the encrypted version to see if maybe encryption was not happening to the login password). Anyway, hopefully someone can see what the problem is, or I'm going to have to bite the bullet and recode it. Thanks in advance!!!
<?php require_once('Connections/vprRegistration.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['txtUsername'])) {
$loginUsername=$_POST['txtUsername'];
$password=strip_tags(substr($_POST['txtPassword'],0,32));
$cleanpw = crypt(md5($pw));
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "account_manage.php";
$MM_redirectLoginFailed = "login.php?failed=true";
$MM_redirecttoReferrer = false;
mysql_select_db($database_vprRegistration, $vprRegistration);
$LoginRS__query=sprintf("SELECT RegUsername, RegPassword FROM registration WHERE RegUsername=%s AND RegPassword='". mysql_real_escape_string($cleanpw)."'",
GetSQLValueString($_POST['txtUsername'], "text"),
GetSQLValueString($_POST['txtPassword'], "text"));
$LoginRS = mysql_query($LoginRS__query, $vprRegistration) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>