[SOLVED] Login Password

[coolphpdude]

Hey guys,

 

this might sound like a daft question but here it goes;

 

A user registers a username and password on a form which is then submitted and inserted into a 'user' table using the following code...

 

$sql="INSERT INTO user (id, password) values ('$id', PASSWORD ('$password')";

 

now when a user comes to log in they enter the username and password they chose but because the password was encrypted when it was inserted into the database it doesnt match what they have entered to log in.

 

What do i need to do??

 

[Cagecrawler]

Simply encrypt the input at login and compare the hashes.  It's probably easier to use a hash function such as md5 or sha1 for this.  Simply execute the function, then compare.

<?php
$password = sha1($_POST['password']);
$id = mysql_real_escape_string($_POST['id']);

$sql = "SELECT * FROM user WHERE id= '$id' and password = '$password'";
?>

 

 

[coolphpdude]

cheers i'll give this a try

[Lukela]

Just as he said, when they sign up convert the inputted information into a hash

 

<?php

 

$id = md5($_POST['id']);

$password = md5($_POST['password']);

 

$query = mysql_query("INSERT INTO `table` (`id`, `password`) VALUES ('".$_POST['id'])"', '".$_POST['password']."')) or die(mysql_error());

 

?>

 

Than when they try logging in or something just redo it again although selecting the information

 

<?php

 

$id = md5($_POST['id']);

$password = md5($_POST['password']);

 

$sql = "SELECT id, password FROM `table` WHERE id='$id'";

$query = mysql_query($sql);

$row = mysql_fetch_assoc($query);

 

if (empty($row))

{

echo "Incorrect Name";

}

 

if ($row['password'] != $_POST['password'])

{

$error = 1;

echo "Incorrect Password";

}

 

# than so on and on....

?>

 

Just matching hashes like what the dude above said =]

[coolphpdude]

champion, cheers lads