BenOwns Posted September 15, 2008 Share Posted September 15, 2008 Well i have created my register script below to use md5 randcom <?php if (isset($_POST['submitted'])) { $errors = array(); require_once ('config.php'); if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['username']))) ) { $user = mysql_real_escape_string($_POST['username']); $query = "SELECT username FROM users WHERE username = '$user'"; $result = @mysql_query($query); $num = @mysql_num_rows($result); if ($num> 0) { $errors[] = '<font color="red">The username you have chosen has already been taken, please try again.</font>'; } else { $username = mysql_real_escape_string($_POST['username']); } } else { $errors[] = '<font color="red">Please provide a valid username between 4 and 30 characters.</font>'; } if (!eregi('^[a-zA-Z]+[a-zA-Z0-9_-]*@([a-zA-Z0-9]+){1}(\.[a-zA-Z0-9]+){1,2}', stripslashes(trim($_POST['email'])) )) { $errors[] = '<font color="red">Please provide a valid email address.</font>'; } else { $email = mysql_real_escape_string($_POST['email']); } if (!empty($_POST['password1'])) { if ($_POST['password1'] != $_POST['password2']) { $errors[] = '<font color="red">The 2 passwords you have entered do not match.</font>'; } else { $password = $_POST['password1']; } } else { $errors[] = '<font color="red">Please provide a password.</font>'; } if (empty($errors)) { $a = md5(uniqid(rand(), true)); $query = "INSERT INTO users (username, email, password, active) VALUES ('$username', '$email', SHA('$password'), '$a')"; $result = @mysql_query($query); if (mysql_affected_rows() == 1) { // Send the E-Mail $body = "Thank you for registering at the User Registration site. To activate your account, please click on this link:\n\n"; $body .= "http://www.d2turf.com/activate.php?x=" . mysql_insert_id() . "&y=$a"; mail($_POST['email'], 'Registration Confirmation', $body, 'From: [email protected]'); // Show thank you message echo '<h3>Thank You!</h3> You have been registered, you have been sent an e-mail to the address you specified before. Please check your e-mails to activate your account.'; } else { echo '<font color="red">You could not be registered, please contact us about the problem and we will fix it as soon as we can.</font>'; } } else { echo '<h3>Error!</h3> The following error(s) occured:<br />'; foreach ($errors as $msg) { echo " - <font color=\"red\">$msg</font><br />\n"; } } } ?> <h3>D3Turf.com Register</h3> <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post"> <p><input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" size="30" maxlength="30" /> <small>Username</small></p> <p><input type="password" name="password1" size="30" maxlength="40" /> <small>Password</small></p> <p><input type="password" name="password2" size="30" maxlength="40" /> <small>Confirm Password</small></p> <p><input type="text" name="email" size="30" maxlength="30" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" /> <small>Email Address</small></p> <p><input type="submit" name="submit" value="Register" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> i have an activation page <?php if (isset($_GET['x'])) { $x = (int) $_GET['x']; } else { $x = 0; } if (isset($_GET['y'])) { $y = $_GET['y']; } else { $y = 0; } if ( ($x> 0) && (strlen($y) == 32)) { require_once ('config.php'); $query = "UPDATE users SET active=NULL WHERE (id=$x AND active='" . $y . "') LIMIT 1"; $result = mysql_query($query); if (mysql_affected_rows() == 1) { echo "<h3>Your account is now active. You may now log in.</h3>"; } else { echo '<p><font color="red" size="+1">Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>'; } mysql_close(); } else { echo '<b>Activation link not valid!</b>'; } ?> Which when account is actived makes activate = NULL Now this is the problem i am having, with my login script. I don't know if i have the MD5 password convert right or not? Seeing when i load the page everything seems to work, but when i try to login with my username and password. i get my login failed. Please take a look so you can guide me the right way if possible login code below <?php require_once('config.php'); if(isset($_POST['Login'])) { if($_POST['username']!='' && $_POST['password']!='') { //Use the input username and password and check against 'users' table $query = mysql_query('username, active, password FROM users WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5(Rand( $_POST['password'])).'"')); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['active'] == NULL) { $_SESSION['username'] = $row['username']; $_SESSION['logged_in'] = TRUE; header("Location: index.php"); } else { $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link'; } } else { $error = 'Login failed !'; } } else { $error = 'Please user both your username and password to access your account'; } } ?> <?php if(isset($error)){ echo $error;}?> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <p>Login </p> <p>UserName</p> <p> <input type="text" id="username" name="username" size="32" value="" /> </p> <p>Password</p> <p> <input type="password" id="password" name="password" size="32" value="" /> </p> <p> <input type="submit" name="Login" value="Login" /> </p> </form> Thanks Guys and gals Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/ Share on other sites More sharing options...
waynew Posted September 15, 2008 Share Posted September 15, 2008 You're using rand()? Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-642360 Share on other sites More sharing options...
waynew Posted September 15, 2008 Share Posted September 15, 2008 <?php require_once('config.php'); if(isset($_POST['Login'])) { if($_POST['username']!='' && $_POST['password']!='') { //Use the input username and password and check against 'users' table $query = mysql_query('username, active, password FROM users WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(SHA( $_POST['password'])).'"')); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['active'] == NULL) { $_SESSION['username'] = $row['username']; $_SESSION['logged_in'] = TRUE; header("Location: index.php"); } else { $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link'; } } else { $error = 'Login failed !'; } } else { $error = 'Please user both your username and password to access your account'; } } ?> <?php if(isset($error)){ echo $error;}?> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <p>Login </p> <p>UserName</p> <p> <input type="text" id="username" name="username" size="32" value="" /> </p> <p>Password</p> <p> <input type="password" id="password" name="password" size="32" value="" /> </p> <p> <input type="submit" name="Login" value="Login" /> </p> </form> Does this work? Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-642362 Share on other sites More sharing options...
BenOwns Posted September 15, 2008 Author Share Posted September 15, 2008 i get that sha() is undefined Fatal error: Call to undefined function: sha() on line 9 Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-642375 Share on other sites More sharing options...
BenOwns Posted September 15, 2008 Author Share Posted September 15, 2008 i tried sha1 and md5 i did not get the error from undefined. but i guess it is still not seeing the md5(Rand() encryption i used for registration when trying to encode the password to match. so still get my login failed Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-642383 Share on other sites More sharing options...
BenOwns Posted September 15, 2008 Author Share Posted September 15, 2008 BTW here is my config.php maybe i am calling it wrong? <?php // CHANGE THESE VALUES DEFINE ('DB_USER', 'usernamehere'); DEFINE ('DB_PASSWORD', 'password here'); DEFINE ('DB_HOST', 'hostname here); DEFINE ('DB_NAME', 'db name of course); $dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to MySQL: ' . mysql_error()); @mysql_select_db (DB_NAME) OR die('Could not select the database: ' . mysql_error() ); ?> i edited out my info of course lol Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-642399 Share on other sites More sharing options...
BenOwns Posted September 16, 2008 Author Share Posted September 16, 2008 anyone else got an idea""? Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-642951 Share on other sites More sharing options...
BenOwns Posted September 16, 2008 Author Share Posted September 16, 2008 i got error reporting EALL in my script now. so i am getting this. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in login.php on line 13 Login failed ! Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-643112 Share on other sites More sharing options...
redarrow Posted September 16, 2008 Share Posted September 16, 2008 can u put all the select statement to basic please...... example "'.mysql_real_escape_string($_POST['username']).'" reprogram this to basic programming indivigally...... //Use the input username and password and check against 'users' table $query = mysql_query('username, active, password FROM users WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(SHA( $_POST['password'])).'"')); Link to comment https://forums.phpfreaks.com/topic/124381-help-with-md5-encryption/#findComment-643122 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.