Jump to content

Archived

This topic is now archived and is closed to further replies.

DarkWolfXP

MD5 login page problem! help plz

Recommended Posts

Hello this is my first post on this forum...
Here it go!
Ok I encrypted my password on the page Register.php
In login.php I  made script to encrypt the password and then look if does match or not with the Database
My problem is there they match but that not working well
[quote]<?
include "configuration.php";

$db = mysql_connect($host, $login_php, $password);
$basedados = mysql_select_db($database);
$pass = md5($pass);
$check = mysql_query("SELECT * FROM `$table` WHERE login = '$login' AND pass = '$pass'", $db);
$count = mysql_num_rows($check);

if ( $count == 1 ) {
  echo "Welcome User";
  } else {
  echo "Login fail";
}
?>
[/quote]
when I do echo "$count"; give me always 0 with the password

What I am doing wrong?

Share this post


Link to post
Share on other sites
You forgot the dollar sign in front of the count variable on the "if" statement:
if ( count == 1 ) {

Do something like:

$sql = "SELECT * FROM `$table` WHERE login = '$login' AND pass = '$pass'";
$check = mysql_query($sql, $db);
if (!$check) {
    echo 'SQL: ', $sql, ' Error: ', mysql_error();
    exit;
}
$count = mysql_num_rows($check);

if (1 == $count) {
  echo "Welcome User";
} else {
  echo "Login fail";
}

I assume all the other variables used are populated prior to this code is executed.

hth.

}

Share this post


Link to post
Share on other sites
Srry my mistake copying the script it got the dollar symbol in count
I tried that script u told me to try to make something like that still give me 0 this is "login Fail"
but if I try dont encrypt and copy the password from the phpmyadmin and paste on password form and login with the username it show "Welcome user"
Thats anoying -.-'

P.S can any1 explain how the guy from tutorial defined the string $login $pass?
I am following a tutorial and somebody asked me what are $login and $pass defined to :s
P.S $login and $pass are defined to their text field but I dont see how he did that :o

Share this post


Link to post
Share on other sites
[quote author=DarkWolfXP link=topic=99141.msg390395#msg390395 date=1151827042]
Srry my mistake copying the script it got the dollar symbol in count
I tried that script u told me to try to make something like that still give me 0 this is "login Fail"
but if I try dont encrypt and copy the password from the phpmyadmin and paste on password form and login with the username it show "Welcome user"
Thats anoying -.-'

P.S can any1 explain how the guy from tutorial defined the string $login $pass?
I am following a tutorial and somebody asked me what are $login and $pass defined to :s
P.S $login and $pass are defined to their text field but I dont see how he did that :o
[/quote]
I assume $login and $pass variables are supposed to be populated from a HTML form. The tutorial you're looking at is probably is relying on a php.ini configuration setting called register_globals. With register_globals on, PHP will automatically create variables by the same name as defined in the HTML form. This is old style of coding and has security risk implications. You should have register_globals turned off and program accordingly.

For instance, if your HTML form is using a GET method, then use $_GET to access the form values. The example below assumes the POST method was used.

$login = isSet($_POST['login']) ? $_POST['login'] : '';

$pass = isSet($_POST['pass']) ? md5($_POST['pass']) : '';

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.