Jump to content

crypt() and inserting records, etc (3 questions)


Lodius2000

Recommended Posts

ok so 3 problems,

 

1.

I want to insert an encrypted password into my table, heres my stab at making it work.

 

I'm using PEAR DB

<?php
require_once ('../../../dbfiles/db_login.php');

$sql = "INSERT INTO users(username, password)
	VALUES ('bob', crypt('bobspassword')";

$q = $db->query($sql);
if (DB::iserror($q)){
die($q->getMessage());
}


?>

 

both table fields, username, and password, are set as varchar

 

and my script prints "DB Error: syntax error"

 

which i bet is the mysql interpreter trying to do something with a php function, but my php book barely mentions crypt, and i cant make heads or tails of how to get an encrypted record into a table.

 

 

2.

 

so to call the verify the encrypted password in my login screen i have this for validation in the function validate_form()

 

<?php
session_start();
require_once ('../../../dbfiles/db_login.php');
require_once ('formhelpers.php');

if($_POST['_submit_check']){
if($form_errors = validate_form()){
	show_form($form_errors);
} else {
	process_form();
}
} else {
show_form();
}

function show_form($errors = '') {

if ($errors){
	$error_text = '<ul><li>';
	$error_text .= implode('</li><li>', $errors);
	$error_text .= '</li></ul>';
} else {
	$error_text ='';
}

print '<form method="POST" action="'.$_SERVER['PHP_SELF'].'">';
//begin the unique form

print 'Username:';
input_text('username', $_POST);
print '<br />';

print 'Password:';
input_password('password', $_POST);
print '<br />';

input_submit('submit', 'Log In');

print '<input type="hidden" name="_submit_check" value="1" />';
print '</form>';
}

function validate_form(){
global $db;

$errors = array();

//is password valid?
$encrypted_password = $db->getOne('SELECT password FROM users WHERE username = ?',
						array($_POST['username']));

if ($encrypted_password != crypt($_POST['password'], $encrypted_password)){
	$errors[] = 'Please enter a valid password';
}

return $errors;

}

function process_form(){
//add username to session
$_SESSION['username'] = $_POST['username'];

print "Welcome, {$_SESSION['username']}";
}

?>

 

with the relevant portions of formhelpers.php being

//print a text box
function input_text($element_name, $values){
print '<input type="text" name="' . $element_name .'" value="';
print htmlentities($values[$element_name]) . '"/>';
}

//print a password box
function input_password($field_name, $values) {
print '<input type="password" name="' . $field_name .'" value="';
print htmlentities($values[$field_name]) . '"/>';
}

 

3.

lastly what would a validation line look like that validated whether a username exists in the database, because If i try to enter a non valid username and press log in, i am shown the forms, with the previously entered  invalid username and pw but no error

 

thanks a bunch

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.