[SOLVED] Login issues

[ballouta]

Hello,

 

I have a table called 'admin' stores two usernames and passwords.

The user name is clear where the password is a long string smthg like this: s094fhdg2984032

 

The login form is like nay login code, it is posted the a file called 'session.php'

this file code is:

<?php
include("database.php");
$uname=addslashes($_POST['username']);
$password=addslashes($_POST['password']);
if($uname=='' && $password==''){
$msg="Please enter your username and password";
header("Location: ../index.php?msg=$msg");
exit;
}
$sqlStat="SELECT * FROM admin";
$sqlRes=mysql_query($sqlStat);
while($row=mysql_fetch_array($sqlRes)){
$un=stripslashes($row['username']);
$pd=stripslashes($row['password']);
$hpd=md5($password);
if($uname==$un && $hpd==$pd){
	$id=stripslashes($row['id']);
	$time=time();
	setcookie("arabbev_001",$id,0,'/');
	$sqlStat1="INSERT INTO session VALUES('','$id','$time')";
	$sqlRes1=mysql_query($sqlStat1);
	header("Location: ../main.php");
	exit;
}
}
$msg="Invalid username or password";
header("Location: ../index.php?msg=$msg");
exit;
?>

 

if the login was sucesfull, it should go to main.php which begins with:

<?php
include("common/database.php");
require('common/check_session_main.php');
?>

 

I don't know what is the username to login, so i inserted in the admin table:

username: ballouta

password: pass123

 

but it didn't work!!

 

May you explain please what does session.php make and how it works?

How i can login?

 

Many thanks

[Ken2k7]

Just a question - why are you adding slashes and stripping them?

 

Also adding pass123 directly into the DB isn't going to work. Why? It's not hashed.

[gnawz]

session.php checks the session. Its a session handler to either return the last page visited or check if one is logged in order to determine the rights to give or other.

 

Check if the database details, esp password are encrypted and perhaps need decryption

[ballouta]

thanks

 

where is the encryption code? and how do I reverse it so i know what was my old password? or at least add a new username and password?

Thank you

[Ken2k7]

What do you mean where's the encryption code? You used md5 in the code so I assume you use that.

[ballouta]

yes this is what i was looking for md5.

how i can decrypt the password is there a function?

 

thanks

[Ken2k7]

You don't. If you could, people would be hacking too easily. You can and are recommended to encrypt the password before storing it into the DB.

[revraz]

MD5 is not an encryption, it's a hash.

[gnawz]

Remove the md5 hashing first from your script (registration page and access management page) so you can be able to access the system with data you enter directly in the MySQl db

 

Then when you are done, return that hashing so u can register a new account.

 

otherwise, the hashing can be removed from any page where it is being used-not advisable though

[ballouta]

thank you gnawz

I will remove it and try to login

 

If i use the md5 function to encrypt a new password, for example pass123, am i able to store the hased value in the DB and login using pass123?

 

[Ken2k7]

thank you gnawz

I will remove it and try to login

 

If i use the md5 function to encrypt a new password, for example pass123, am i able to store the hased value in the DB and login using pass123?

 

Read revraz's post. md5 hashes a string. The difference between hashing and encryption is that in encryption, you can decrypt it, but once something is hashed, it can't be reverted.

 

And yes. If you md5 your pass123 and store that in your DB, you should be able to log in provided that you put back the md5() function gnawz told you to take out.

[gnawz]

md5 is a hash, please note as Ken2k7 has explained.

 

What I think is that since this fellow says they are new to PHP, then maybe its the typing but they understand