iStriide Posted August 4, 2010 Share Posted August 4, 2010 mysql_connect('', '', ''); mysql_select_db(''); if (isset($_POST['submit'])) { $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); $sql = "SELECT id FROM login WHERE username = '$user' && `password` = MD5('$pass')"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { // $user & $pass are valid echo "You Logged In $user"; } else { // $user || $pass invalid echo "Invalid Login"; } } } Link to comment https://forums.phpfreaks.com/topic/209834-why-wont-this-login-code-work/ Share on other sites More sharing options...
marcus Posted August 4, 2010 Share Posted August 4, 2010 1. Don't bother using any protection on your password since you're encrypting the entire string. $user = mysql_real_escape_string($_POST['user']); $pass = md5($_POST['pass']); $sql = "SELECT id FROM `login` WHERE `username`='".$user."' AND `password`='".$pass."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res)){ // logged in }else { //invalid user/pass } How are you keeping the user logged in? Link to comment https://forums.phpfreaks.com/topic/209834-why-wont-this-login-code-work/#findComment-1095311 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.