seany123 Posted February 4, 2010 Share Posted February 4, 2010 $username = $_POST['username']; $password = md5($_POST['password']); $query = $db->execute("select * from `players` where `username`='". $username ."' & `password`='". $password ."'"); if ($query->recordcount() <= 0) { $errormsg .= "You could not login! Please check your username/password!"; $error = 1; } anyone know who even though im putting the same password in correctly it dosnt wanna work? edit: i just echoed $password and its different to the one in my database!!! wtf Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/ Share on other sites More sharing options...
PravinS Posted February 4, 2010 Share Posted February 4, 2010 Use AND instead of & in SELECT query $query = $db->execute("select * from `players` where `username`='". $username ."' AND `password`='". $password ."'"); Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/#findComment-1006643 Share on other sites More sharing options...
dare87 Posted February 4, 2010 Share Posted February 4, 2010 Are you doing any type of encryption? If you are then it would need to be something like this $query = "SELECT * FROM players WHERE username='$username' AND password=SHA('$password')"; Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/#findComment-1006646 Share on other sites More sharing options...
oni-kun Posted February 4, 2010 Share Posted February 4, 2010 Are you doing any type of encryption? If you are then it would need to be something like this $query = "SELECT * FROM players WHERE username='$username' AND password=SHA('$password')"; That is not an encryption, in fact it is the absolute opposite. He's not even using SHA1 (although I would recommend it) Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/#findComment-1006647 Share on other sites More sharing options...
dare87 Posted February 4, 2010 Share Posted February 4, 2010 He just said it didn't match when he echoed the password, I was just throwing out something that might help Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/#findComment-1006649 Share on other sites More sharing options...
oni-kun Posted February 4, 2010 Share Posted February 4, 2010 He just said it didn't match when he echoed the password, I was just throwing out something that might help Re-Rehashing a password within query with the wrong encryption wouldn't help. Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/#findComment-1006650 Share on other sites More sharing options...
seany123 Posted February 4, 2010 Author Share Posted February 4, 2010 i was setting $password = md5($_POST['password']); the problem wasnt in the code i gave... in fact it was in the form... i had the value in password set to <?=$_POST['password']?> thanks for the help anyway anyway is md5 or sha1 better? Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/#findComment-1006654 Share on other sites More sharing options...
oni-kun Posted February 4, 2010 Share Posted February 4, 2010 i was setting $password = md5($_POST['password']); the problem wasnt in the code i gave... in fact it was in the form... i had the value in password set to <?=$_POST['password']?> thanks for the help anyway anyway is md5 or sha1 better? To put it simple, None. But SHA1 is slightly more secure, less rainbow hashes in the wild. Quote Link to comment https://forums.phpfreaks.com/topic/190891-anything-wrong-with-this/#findComment-1006655 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.