sammysmee Posted August 30, 2009 Share Posted August 30, 2009 hi there, i would like to add password encryption to my database but i don't know how to get it working. I tried a few things but nothing seems to work, i'm afraid to admit i'm a PHP noob, it has been frustrating me hour hours! here is the code: <?php include "global.php"; layout(); echo " <form action="register.php" method="post"> Pick a Username: <input type="text" name="username" size="20"><br> Pick a Password: <input type="password" name="password" size="20"><br> Email Address: <input type="text" name="email" size="20"><br> Real Name: <input type="text" name="realname" size="20"><br> Location: <input type="text" name="location" size="20"><br> <input type="submit" value="Sign Up"> </form> "; if (isset($_POST["go"])) { extract($_POST); $query = mysql_query("INSERT INTO user SET userid='',username='$username',password='$password',email='$email'"); } footer(); ?> if anyone would tell me where to put it and reccomend any other securities i could add, i would be very grateful! sammy Link to comment https://forums.phpfreaks.com/topic/172485-register-script-password-encryption/ Share on other sites More sharing options...
Eiolon Posted August 30, 2009 Share Posted August 30, 2009 Encryption and hashing are different things. I don't see you doing either of those in that script. Perhaps its in the register.php that is in your form action? Link to comment https://forums.phpfreaks.com/topic/172485-register-script-password-encryption/#findComment-909324 Share on other sites More sharing options...
sammysmee Posted August 30, 2009 Author Share Posted August 30, 2009 sorry ive just noticed ive pasted the completley wrong code! ive been trying a few samples, sorry! the login script ive been given uses MD5 to sent a "forgotten password", i need this for the registration script, at the moment the script is sending the passwords to the db without encryption. the correct code for register is: <?php include "global.php"; layout(); echo " <form id=\"form1\" name=\"form1\" method=\"post\" action=\"\"> <p> Username: <input type=\"text\" name=\"username\"/> </p> <p> Password: <input name=\"password\" type=\"password\"/> </p> <p> Email: <input type=\"text\" name=\"email\" /> </p> <p> <input type=\"submit\" name=\"go\" value=\"Register!\" /> </p> </form> "; if (isset($_POST["go"])) { extract($_POST); $query = mysql_query("INSERT INTO user SET userid='',username='$username',password='$password',email='$email'"); } footer(); ?> Link to comment https://forums.phpfreaks.com/topic/172485-register-script-password-encryption/#findComment-909327 Share on other sites More sharing options...
Eiolon Posted August 30, 2009 Share Posted August 30, 2009 $query = mysql_query("INSERT INTO user (username, password, email) VALUES ('$username',MD5('$password'),'$email')"; Your query was part INSERT and part UPDATE. Also, you need to escape data. Link to comment https://forums.phpfreaks.com/topic/172485-register-script-password-encryption/#findComment-909331 Share on other sites More sharing options...
sammysmee Posted August 30, 2009 Author Share Posted August 30, 2009 hmm, that modification stopped the script sending to the database Link to comment https://forums.phpfreaks.com/topic/172485-register-script-password-encryption/#findComment-909333 Share on other sites More sharing options...
Eiolon Posted August 30, 2009 Share Posted August 30, 2009 if (isset($_POST['go'])) { $insert = "INSERT INTO user (username, password, email) VALUES ('$username',MD5('$password'),'$email')"; $result = mysql_query($insert) OR die ('Could not add the user to the database.'); } I reworked it a little. I test this on my own system and it works. Link to comment https://forums.phpfreaks.com/topic/172485-register-script-password-encryption/#findComment-909339 Share on other sites More sharing options...
sammysmee Posted August 30, 2009 Author Share Posted August 30, 2009 works brilliantly, thankyou very much!! much appreciated! Link to comment https://forums.phpfreaks.com/topic/172485-register-script-password-encryption/#findComment-909341 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.