localhost Posted June 9, 2006 Share Posted June 9, 2006 login.php script:[code]<?phpsession_start();require('../inc/connect.php');if ($_POST['username']) {$username=$_POST['username'];$password=base64_encode($_POST['password']);if ($password==NULL) {echo "A password was not supplied";}else{$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());$data = mysql_fetch_array($query);if($data['password'] != $password) {echo "The supplied login is incorrect";}else{$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());$row = mysql_fetch_array($query);$_SESSION["s_username"] = $row['username'];echo "You have successfully logged in as ".$_SESSION['s_username']." and can go to the index <a href='../index.php'>here</a>.";}}}?>[/code]register.php script:[code]<?phprequire('../inc/connect.php');// If the submit button is pushed we continueif(isset($_POST['submit'])) {// Set POST form variables$username = $_POST['username'];$password = $_POST['password'];$cpassword = $_POST['cpassword'];$email = $_POST['email'];// Set normal needed variables$ip = $_POST['ip'];$date = $_POST['date'];$privilege = $_POST['privilege'];// Check if all fields are fullif($username==NULL || $password==NULL || $cpassword==NULL || $email==NULL) {echo "All fields marked with a * are required";} else {// Check if both passwords entered are matchingif($password!=$cpassword) { echo "Passwords do not match.";} else {// Encrypt password$enc_password = base64_encode('$password');// Insert the post form info into the database$query1 = "INSERT INTO `users` (`username`, `password`, `email`, `ip`, `date`, `privilege`) VALUES ('$username', '$enc_password', '$email', '$ip', '$date', '$privilege')";$result1 = mysql_query($query1) or die('Error 003: Could not insert user details into database');// Error 003 - register.php - Database error...} // End if for required fields} // End if for password match} // End if for submit button?>[/code] Quote Link to comment Share on other sites More sharing options...
anatak Posted June 9, 2006 Share Posted June 9, 2006 Do you get any error messages ?does the script works correctly when you don't supply the correct password ?(does it echo "The supplied login is incorrect";) Quote Link to comment Share on other sites More sharing options...
localhost Posted June 9, 2006 Author Share Posted June 9, 2006 it echoes the supplied login is incorrect when it is correct! Quote Link to comment Share on other sites More sharing options...
Fyorl Posted June 9, 2006 Share Posted June 9, 2006 I can't see what's wrong, your code looks fine. Try echoing the supplied password and the one from the database and see if they actually match. Quote Link to comment Share on other sites More sharing options...
poirot Posted June 9, 2006 Share Posted June 9, 2006 I'd like to ask, because it is odd, why are you using base64_encode()?You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.This should either be a bad practice or evil purposes like be able to know your users' passwords. Quote Link to comment Share on other sites More sharing options...
Fyorl Posted June 9, 2006 Share Posted June 9, 2006 [!--quoteo(post=381684:date=Jun 8 2006, 08:43 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Jun 8 2006, 08:43 PM) [snapback]381684[/snapback][/div][div class=\'quotemain\'][!--quotec--]I'd like to ask, because it is odd, why are you using base64_encode()?You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.This should either be a bad practice or evil purposes like be able to know your users' passwords.[/quote]It's better than not encrypting them at all, which is what I did back in my first MORPG... oh the naivety Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.