Jump to content

[SOLVED] Login issues


ballouta

Recommended Posts

Hello,

 

I have a table called 'admin' stores two usernames and passwords.

The user name is clear where the password is a long string smthg like this: s094fhdg2984032

 

The login form is like nay login code, it is posted the a file called 'session.php'

this file code is:

<?php
include("database.php");
$uname=addslashes($_POST['username']);
$password=addslashes($_POST['password']);
if($uname=='' && $password==''){
$msg="Please enter your username and password";
header("Location: ../index.php?msg=$msg");
exit;
}
$sqlStat="SELECT * FROM admin";
$sqlRes=mysql_query($sqlStat);
while($row=mysql_fetch_array($sqlRes)){
$un=stripslashes($row['username']);
$pd=stripslashes($row['password']);
$hpd=md5($password);
if($uname==$un && $hpd==$pd){
	$id=stripslashes($row['id']);
	$time=time();
	setcookie("arabbev_001",$id,0,'/');
	$sqlStat1="INSERT INTO session VALUES('','$id','$time')";
	$sqlRes1=mysql_query($sqlStat1);
	header("Location: ../main.php");
	exit;
}
}
$msg="Invalid username or password";
header("Location: ../index.php?msg=$msg");
exit;
?>

 

if the login was sucesfull, it should go to main.php which begins with:

<?php
include("common/database.php");
require('common/check_session_main.php');
?>

 

I don't know what is the username to login, so i inserted in the admin table:

username: ballouta

password: pass123

 

but it didn't work!!

 

May you explain please what does session.php make and how it works?

How i can login?

 

Many thanks

Link to comment
Share on other sites

session.php checks the session. Its a session handler to either return the last page visited or check if one is logged in order to determine the rights to give or other.

 

Check if the database details, esp password are encrypted and perhaps need decryption

Link to comment
Share on other sites

Remove the md5 hashing first from your script (registration page and access management page) so you can be able to access the system with data you enter directly in the MySQl db

 

Then when you are done, return that hashing so u can register a new account.

 

otherwise, the hashing can be removed from any page where it is being used-not advisable though

Link to comment
Share on other sites

thank you gnawz

I will remove it and try to login

 

If i use the md5 function to encrypt a new password, for example pass123, am i able to store the hased value in the DB and login using pass123?

 

Link to comment
Share on other sites

thank you gnawz

I will remove it and try to login

 

If i use the md5 function to encrypt a new password, for example pass123, am i able to store the hased value in the DB and login using pass123?

 

Read revraz's post. md5 hashes a string. The difference between hashing and encryption is that in encryption, you can decrypt it, but once something is hashed, it can't be reverted.

 

And yes. If you md5 your pass123 and store that in your DB, you should be able to log in provided that you put back the md5() function gnawz told you to take out.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.