user authentication

[CincoPistolero]

I have borrowed a user authentication module from another one of my sites that works on Linux with mysql. My current site is windows with mssql. the below code recognizes if you didn't fill in the username and password, but the next error it gives is the 'Incorrect Password' even if the username isn't in the db.

 

<?php
if (isset($_POST['submit'])) { // if form has been submitted


/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
	die('You did not fill in a required field. <a href="../login/">Back to Login</a>');
}

// authenticate.

if (!get_magic_quotes_gpc()) {
	$_POST['uname'] = addslashes($_POST['uname']);
}

$check = $db_object->query("SELECT userName, password FROM users WHERE userName = '".$_POST['uname']."'");

if (DB::isError($check)) {
	die('That username does not exist in our database. <a href="../login/">Back to Login</a>');
}

$info = $check->fetchRow();

// check passwords match

$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);

if ($_POST['passwd'] != $info['password']) {
	die('Incorrect password, please try again. <a href="../login/">Back to Login</a>');
}

 

Here is the form input.

 

<form method="post">
    <table cellpadding="0" cellspacing="0" border="0" align="center">
      <tr>
        <td class="rt">Username:</td>
        <td><input type="text" name="uname" size="30" /></td>
      </tr>
      <tr>
        <td class="rt">Password:</td>
        <td><input type="password" name="passwd" size="30" /></td>
      </tr>
      <tr>
        <td colspan="2" class="rt"><input type="submit" name="submit" value="Log-In" /></td>
      </tr>
    </table>
    </form>

[d.shankar]

You didnt do this step.

 

$info['password'] = md5($info['password']);