Jump to content


Photo

MD5 login page problem! help plz


  • Please log in to reply
3 replies to this topic

#1 DarkWolfXP

DarkWolfXP
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 01 July 2006 - 10:21 PM

Hello this is my first post on this forum...
Here it go!
Ok I encrypted my password on the page Register.php
In login.php I  made script to encrypt the password and then look if does match or not with the Database
My problem is there they match but that not working well

<?
include "configuration.php";

$db = mysql_connect($host, $login_php, $password);
$basedados = mysql_select_db($database);
$pass = md5($pass);
$check = mysql_query("SELECT * FROM `$table` WHERE login = '$login' AND pass = '$pass'", $db);
$count = mysql_num_rows($check);

if ( $count == 1 ) {
  echo "Welcome User";
  } else {
  echo "Login fail";
}
?>

when I do echo "$count"; give me always 0 with the password

What I am doing wrong?

#2 toplay

toplay
  • Staff Alumni
  • Advanced Member
  • 973 posts

Posted 01 July 2006 - 10:42 PM

You forgot the dollar sign in front of the count variable on the "if" statement:
if ( count == 1 ) {

Do something like:

$sql = "SELECT * FROM `$table` WHERE login = '$login' AND pass = '$pass'";
$check = mysql_query($sql, $db);
if (!$check) {
    echo 'SQL: ', $sql, ' Error: ', mysql_error();
    exit;
}
$count = mysql_num_rows($check);

if (1 == $count) {
  echo "Welcome User";
} else {
  echo "Login fail";
}

I assume all the other variables used are populated prior to this code is executed.

hth.

}

#3 DarkWolfXP

DarkWolfXP
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 02 July 2006 - 07:57 AM

Srry my mistake copying the script it got the dollar symbol in count
I tried that script u told me to try to make something like that still give me 0 this is "login Fail"
but if I try dont encrypt and copy the password from the phpmyadmin and paste on password form and login with the username it show "Welcome user"
Thats anoying -.-'

P.S can any1 explain how the guy from tutorial defined the string $login $pass?
I am following a tutorial and somebody asked me what are $login and $pass defined to :s
P.S $login and $pass are defined to their text field but I dont see how he did that :o

#4 toplay

toplay
  • Staff Alumni
  • Advanced Member
  • 973 posts

Posted 02 July 2006 - 02:13 PM

Srry my mistake copying the script it got the dollar symbol in count
I tried that script u told me to try to make something like that still give me 0 this is "login Fail"
but if I try dont encrypt and copy the password from the phpmyadmin and paste on password form and login with the username it show "Welcome user"
Thats anoying -.-'

P.S can any1 explain how the guy from tutorial defined the string $login $pass?
I am following a tutorial and somebody asked me what are $login and $pass defined to :s
P.S $login and $pass are defined to their text field but I dont see how he did that :o

I assume $login and $pass variables are supposed to be populated from a HTML form. The tutorial you're looking at is probably is relying on a php.ini configuration setting called register_globals. With register_globals on, PHP will automatically create variables by the same name as defined in the HTML form. This is old style of coding and has security risk implications. You should have register_globals turned off and program accordingly.

For instance, if your HTML form is using a GET method, then use $_GET to access the form values. The example below assumes the POST method was used.

$login = isSet($_POST['login']) ? $_POST['login'] : '';

$pass = isSet($_POST['pass']) ? md5($_POST['pass']) : '';





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users