Hi.

I am making a login script for my website and I want it to not just check for the username and password but to also check for the value 1 in the field beta.

Here's what I got


<?php
ob_start();
// MySQL info ($host, $username, $password, $db_name, $tbl_name) goes here

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password Or Not Beta Tester";
}

ob_end_flush();
?>


The login fully works but the check for the 1 doesn't. How would I do this?

https://forums.phpfreaks.com/topic/225545-stupid-php-question/

However, you can't simply toss a php function into the middle of a string as you're attempting to do using md5() in the query string.

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";

Note the difference in the syntax highlighting:

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password= '" . md5($mypassword) . "' and beta= '1'";

https://forums.phpfreaks.com/topic/225545-stupid-php-question/#findComment-1164627

And on top of everything else

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";

the SQL is incorrect... missing a space before the last "and"

All fixed, thank you.

My friend has been using the main script for about 2-3 months and it has been working perfectly for him.

https://forums.phpfreaks.com/topic/225545-stupid-php-question/#findComment-1164640

However, you can't simply toss a php function into the middle of a string as you're attempting to do using md5() in the query string.

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";

Note the difference in the syntax highlighting:

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password= '" . md5($mypassword) . "' and beta= '1'";

To clear this ^^^ up, I forgot that MySQL even had an MD5() function as I never use it, favoring salted SHA256 hashes instead. The function usage in the original query string is fine, and either string will produce the same result.

https://forums.phpfreaks.com/topic/225545-stupid-php-question/#findComment-1164660
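
As an added example (not code from any poster in this thread): the same check, username, password and beta = 1, written with a PDO prepared statement and PHP's password_hash()/password_verify() instead of string-built SQL and MD5. The `members` table, its column names, the `checkLogin` function and the in-memory SQLite demo data are assumptions made for illustration; the thread itself uses MySQL.

```php
<?php
// Added example: table/column names (members, password_hash, beta) are assumptions.
declare(strict_types=1);

/** Returns 'ok', 'bad_credentials' or 'not_beta'. */
function checkLogin(PDO $db, string $user, string $pass): string
{
    // The placeholder keeps user input out of the SQL text; no manual escaping.
    $stmt = $db->prepare('SELECT password_hash, beta FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both paths
    // perform one password_verify() call.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $valid = password_verify($pass, $row['password_hash'] ?? $dummy);
    if (!$row || !$valid) {
        return 'bad_credentials';
    }
    // Look at the beta flag only after the password has been proven.
    return ((int) $row['beta'] === 1) ? 'ok' : 'not_beta';
}

// Constructed demo data in an in-memory SQLite database; with MySQL only the
// DSN and credentials passed to PDO would differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    username TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL,
    beta INTEGER NOT NULL DEFAULT 0)');
$add = $db->prepare('INSERT INTO members VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$add->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 0]);

$attempts = [
    ['alice', 'correct horse'],  // valid password, beta = 1
    ['bob', 'hunter2'],          // valid password, beta = 0
    ['alice', 'wrong'],          // wrong password
    ["o'brien", 'anything'],     // quote in the name is bound as data
];
foreach ($attempts as [$u, $p]) {
    printf("%-10s => %s\n", $u, checkLogin($db, $u, $p));
}
```

On an 'ok' result, call session_regenerate_id(true) and store the username in $_SESSION; session_register() from the original script was removed in PHP 5.4, and the mysql_* functions in PHP 7.0.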