Jump to content

Archived

This topic is now archived and is closed to further replies.

localhost

wont login

Recommended Posts

login.php script:

[code]<?php
session_start();


require('../inc/connect.php');

if ($_POST['username']) {
$username=$_POST['username'];
$password=base64_encode($_POST['password']);
if ($password==NULL) {
echo "A password was not supplied";
}else{
$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
echo "The supplied login is incorrect";
}else{
$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$_SESSION["s_username"] = $row['username'];
echo "You have successfully logged in as ".$_SESSION['s_username']." and can go to the index <a href='../index.php'>here</a>.";
}
}
}
?>[/code]


register.php script:

[code]<?php

require('../inc/connect.php');

// If the submit button is pushed we continue
if(isset($_POST['submit'])) {

// Set POST form variables
$username = $_POST['username'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$email = $_POST['email'];

// Set normal needed variables
$ip = $_POST['ip'];
$date = $_POST['date'];
$privilege = $_POST['privilege'];

// Check if all fields are full
if($username==NULL || $password==NULL || $cpassword==NULL || $email==NULL) {
echo "All fields marked with a * are required";
} else {

// Check if both passwords entered are matching
if($password!=$cpassword) {
echo "Passwords do not match.";
} else {

// Encrypt password
$enc_password = base64_encode('$password');

// Insert the post form info into the database
$query1 = "INSERT INTO `users` (`username`, `password`, `email`, `ip`, `date`, `privilege`) VALUES ('$username', '$enc_password', '$email', '$ip', '$date', '$privilege')";
$result1 = mysql_query($query1) or die('Error 003: Could not insert user details into database');
// Error 003 - register.php - Database error...

} // End if for required fields
} // End if for password match
} // End if for submit button

?>
[/code]

Share this post


Link to post
Share on other sites
Do you get any error messages ?
does the script works correctly when you don't supply the correct password ?
(does it echo "The supplied login is incorrect";)

Share this post


Link to post
Share on other sites
I can't see what's wrong, your code looks fine. Try echoing the supplied password and the one from the database and see if they actually match.

Share this post


Link to post
Share on other sites
I'd like to ask, because it is odd, why are you using base64_encode()?

You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.

This should either be a bad practice or evil purposes like be able to know your users' passwords.

Share this post


Link to post
Share on other sites
[!--quoteo(post=381684:date=Jun 8 2006, 08:43 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Jun 8 2006, 08:43 PM) [snapback]381684[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I'd like to ask, because it is odd, why are you using base64_encode()?

You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.

This should either be a bad practice or evil purposes like be able to know your users' passwords.
[/quote]

It's better than not encrypting them at all, which is what I did back in my first MORPG... oh the naivety

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.