Butler Posted April 24, 2011 Share Posted April 24, 2011 I am self taught and am trying very hard to get a log in page to work. The way i want it to work is that when they log in it uses a url stored in the database for their account. But i am having some much trouble working out a code that works and this is all i got: <?php include ('connection.php'); $username=$_POST['username5']; $password=$_POST['password5']; $query="SELECT password FROM merchants WHERE username = '$_POST(username5)'"; if ($password == $query) { $url = "SELECT url FROM merchants WHERE username = '$_POST(username5)'"; header("Location: $url"); } else { echo urgh } ?> Link to comment https://forums.phpfreaks.com/topic/234585-very-new-at-this-and-need-coding-help/ Share on other sites More sharing options...
Fadion Posted April 24, 2011 Share Posted April 24, 2011 $username = mysql_real_escape_string($_POST['username5']); $password = sha1($_POST['password']); //passwords should be hashed before inserted into a database for security reasons. Remove sha1() if you have not used hashing. $results = mysql_query("SELECT url FROM merchants WHERE username='$username' AND password='$password'"); if (mysql_num_rows($results)) { $values = mysql_fetch_array($results); $url = $values['url']; header("Location: $url"); } else { echo 'Wrong data yo!'; } Link to comment https://forums.phpfreaks.com/topic/234585-very-new-at-this-and-need-coding-help/#findComment-1205539 Share on other sites More sharing options...
fugix Posted April 24, 2011 Share Posted April 24, 2011 the above code looks correct....your main issue butler was in your mysql_query, you put $_POST('username5') instead of $_POST['username5'].. Link to comment https://forums.phpfreaks.com/topic/234585-very-new-at-this-and-need-coding-help/#findComment-1205543 Share on other sites More sharing options...
Butler Posted April 24, 2011 Author Share Posted April 24, 2011 $username = mysql_real_escape_string($_POST['username5']); $password = sha1($_POST['password']); //passwords should be hashed before inserted into a database for security reasons. Remove sha1() if you have not used hashing. $results = mysql_query("SELECT url FROM merchants WHERE username='$username' AND password='$password'"); if (mysql_num_rows($results)) { $values = mysql_fetch_array($results); $url = $values['url']; header("Location: $url"); } else { echo 'Wrong data yo!'; } I used your code but the on,ly thing is no matter if i put the right username and password or not it returns to be wrong and i dont know what hashed means Link to comment https://forums.phpfreaks.com/topic/234585-very-new-at-this-and-need-coding-help/#findComment-1205555 Share on other sites More sharing options...
Fadion Posted April 24, 2011 Share Posted April 24, 2011 In my code, just replace this line: $password = sha1($_POST['password']); with $password = mysql_real_escape_string($_POST['password']); Hashing is a way of storing encrypted passwords in the database. In that way, even if someone sees your user table, no actual password information will be shown. PHP has several methods of encryption, be it one-way or not. The function I suggested (sha1) is a one-way hashing algorithm that cannot be decrypted. You can just use hashes to compare and specify if provided passwords are correct. Link to comment https://forums.phpfreaks.com/topic/234585-very-new-at-this-and-need-coding-help/#findComment-1205560 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.