Stupid Php Question.

[ryanteck]

Hi.

I am making a login script for my website and i want it to also not just check for the username and password but to also check for the value 1 in the field beta.

Heres what i got

<?php
ob_start();
Mysql info

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password Or Not Beta Tester";
}

ob_end_flush();
?>

The login fully works but the check for the 1 dont. How whould i do this?

[Maq]

That's the correct way to do it.  Are you positive the account doesn't have 1 as a value for beta?

[Pikachu2000]

The tutorial you're using is recognizable as being from phpeasystep, and is obsolete.

[Pikachu2000]

However, you can't simply toss a php function into the middle of a string as you're attempting to do using md5() in the query string.

 

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";

 

Note the difference in the syntax highlighting:

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password= '" . md5('$mypassword') . "' and beta= '1'";

[mikosiko]

and in top of everything else

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";

 

the SQL is incorrect... missing a space before the last "and"

[ryanteck]

and in top of everything else

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";

 

the SQL is incorrect... missing a space before the last "and"

 

All fixed thankyou.

My friend has been using the main script for about 2-3 months and has been working perfect for him

[Pikachu2000]

It's very likely to abruptly stop working the next time the hosting company upgrades the version of PHP.

[ryanteck]

I am the hosting company. and its the PHP5 code

[Pikachu2000]

However, you can't simply toss a php function into the middle of a string as you're attempting to do using md5() in the query string.

 

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password=md5('$mypassword')and beta= '1'";

 

Note the difference in the syntax highlighting:

$sql="SELECT * FROM $tbl_name WHERE username=md5('$myusername') and password= '" . md5('$mypassword') . "' and beta= '1'";

 

To clear this ^^^ up, I forgot that MySQL even had an MD5() function as I never use it, favoring salted SHA256 hashes instead. The function usage in the original query string is fine, and either string will produce the same result.