Login and Register SCRIPT - using MySQL and PHP

[R007S]

Hey,

 

I just created a register&login system (with a lill help of a tutorial made in 2004), but i'm having some issues when trying to Login.

 

The register script works perfectly, it creates successfully a new account into the database, but when I try to Login it says that the password is wrong, instead of saying that the password is correct.

 

I tried to figure out what the problem is.. but i can't get track of this.

 

I think the problem is here:

 

       # Retrieve password from result, strip slashes
  		$dbarray = mysql_fetch_array($result);
  		$dbarray['password'] = stripslashes($dbarray['password']);
  		$password = stripslashes($password);
  		
  		# Validate that password is correct
  		if ($password == $dbarray['password'])
  		{
  				return 0; // Sucess! usrname and pw confirmed
  		}
  		else
  		{
  				return 2; // Indicates password failure
  		}

 

Well, i attached the entire script so you could figure out.

Thanks!

 

[attachment deleted by admin]

[peranha]

Try this and see what you get.  are the passwords encrypted?

 

# Retrieve password from result, strip slashes
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

echo "password is" . $password . "<br />;
echo "dbpassword is" . $dbarray['password'];

# Validate that password is correct
        if ($password == $dbarray['password'])
        {
              return 0; // Sucess! usrname and pw confirmed
        }
        else
        {
              return 2; // Indicates password failure
        }

[R007S]

That don't seem to work.

Yes, passwords are encrypted (md5)

 

Please download de code.zip and look for any bug, if you have time.

 

Thanks!

[php.ajax.coder]

Use the md5() function to encrypt the input and then compare the two

 

eg.

 

md5("password") == STORED_PASSWORD