sammysmee Posted August 30, 2009 Share Posted August 30, 2009 hi there, i would like to add password encryption to my database but i don't know how to get it working. I tried a few things but nothing seems to work, i'm afraid to admit i'm a PHP noob, it has been frustrating me hour hours! here is the code: <?php include "global.php"; layout(); echo " <form action="register.php" method="post"> Pick a Username: <input type="text" name="username" size="20"><br> Pick a Password: <input type="password" name="password" size="20"><br> Email Address: <input type="text" name="email" size="20"><br> Real Name: <input type="text" name="realname" size="20"><br> Location: <input type="text" name="location" size="20"><br> <input type="submit" value="Sign Up"> </form> "; if (isset($_POST["go"])) { extract($_POST); $query = mysql_query("INSERT INTO user SET userid='',username='$username',password='$password',email='$email'"); } footer(); ?> if anyone would tell me where to put it and reccomend any other securities i could add, i would be very grateful! sammy Quote Link to comment Share on other sites More sharing options...
Eiolon Posted August 30, 2009 Share Posted August 30, 2009 Encryption and hashing are different things. I don't see you doing either of those in that script. Perhaps its in the register.php that is in your form action? Quote Link to comment Share on other sites More sharing options...
sammysmee Posted August 30, 2009 Author Share Posted August 30, 2009 sorry ive just noticed ive pasted the completley wrong code! ive been trying a few samples, sorry! the login script ive been given uses MD5 to sent a "forgotten password", i need this for the registration script, at the moment the script is sending the passwords to the db without encryption. the correct code for register is: <?php include "global.php"; layout(); echo " <form id=\"form1\" name=\"form1\" method=\"post\" action=\"\"> <p> Username: <input type=\"text\" name=\"username\"/> </p> <p> Password: <input name=\"password\" type=\"password\"/> </p> <p> Email: <input type=\"text\" name=\"email\" /> </p> <p> <input type=\"submit\" name=\"go\" value=\"Register!\" /> </p> </form> "; if (isset($_POST["go"])) { extract($_POST); $query = mysql_query("INSERT INTO user SET userid='',username='$username',password='$password',email='$email'"); } footer(); ?> Quote Link to comment Share on other sites More sharing options...
Eiolon Posted August 30, 2009 Share Posted August 30, 2009 $query = mysql_query("INSERT INTO user (username, password, email) VALUES ('$username',MD5('$password'),'$email')"; Your query was part INSERT and part UPDATE. Also, you need to escape data. Quote Link to comment Share on other sites More sharing options...
sammysmee Posted August 30, 2009 Author Share Posted August 30, 2009 hmm, that modification stopped the script sending to the database Quote Link to comment Share on other sites More sharing options...
Eiolon Posted August 30, 2009 Share Posted August 30, 2009 if (isset($_POST['go'])) { $insert = "INSERT INTO user (username, password, email) VALUES ('$username',MD5('$password'),'$email')"; $result = mysql_query($insert) OR die ('Could not add the user to the database.'); } I reworked it a little. I test this on my own system and it works. Quote Link to comment Share on other sites More sharing options...
sammysmee Posted August 30, 2009 Author Share Posted August 30, 2009 works brilliantly, thankyou very much!! much appreciated! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.