Jump to content

[SOLVED] Need Help Making Login Script case Sensitive


phpQuestioner

Recommended Posts

I have a login script, but it is not case sensitive. I believe I could use strcmp some how in the code, but I do not know where to put it in this code.

 

 

<?php
$host="localhost"; // Host name
$username="myusernamehere"; // Mysql username
$password="mypasswordhere"; // Mysql password
$db_name="mydatabasehere"; // Database name
$tbl_name="mytablehere"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
$note="Username And/Or Password Not Found";
header("Location: iaam.php?cels=$note");
}
?>

 

So would I use "strcmp" some where in this code or would I do it some other way?

Your login script is going to get hacked because you are pulling raw data I could say || 1=1 and inject your data very easy, first off use the escape string function for username and for passwords look into md5() one way encryption that will make it a 32bit string that is casesensative for password.  For the username the escape does a smilar process.

ok - wait - what?

 

What do you mean "escape string function" - not familiar with this - like "exit"?

So I set my db password field to md5 - right?

 

I found this script and I am really using it as a tool to teach me how to make a login script; but I do want it to be safe, so I can learn to write good and safe coding practices.

Ok - That helped some, but how do I encrypt the password in the database; either before of after I put it in the database? Would I have to echo this and then put it in database:

 

$password="john856";
$encrypt_password=md5($password);

echo $encrypt_password; 

 

would that be my only way to do this?

 

I added this now to php file:

 

// encrypt password
$encrypted_mypassword=md5($mypassword);

 

 

Still looking into escaping string function..........

ok - so I answered my own question about how do I get md5 code; I just echoed it out and copy/pasted into password field. Right now I am not letting any one register on their own; I would be doing registrations manually, all by myself.

 

I'm Sure This Is A Dumb Question - But Why do I need to escape string; If I am registering users myself?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.