cavendano Posted March 10, 2008 Share Posted March 10, 2008 im having difficulty with this....i cannot login with the admin panel any ideas? i edited out the url and have it echoing the results when it fails and it looks fine...any ideas? im not getting any mysql errors so its connecting fine. <?php session_start(); include "config.inc.php"; $username = $_POST['username']; // $password = $_POST['password']; // $db = mysql_connect($dbHost,$dbUser,$dbPass)or die(mysql_error()); // mysql_select_db($dbname,$db)or die(mysql_error()); $query = "SELECT user, pass FROM configuration WHERE user = '$username' AND pass = '$password'"; $result = mysql_query($query, $db); if(!$result){ echo "$query"; //header('Location: http://.com/admin/form.php'); exit(); } else { $_SESSION['loggedin'] = 1; header('Location: http://.com/admin/admin.php'); exit(); } ?> Link to comment https://forums.phpfreaks.com/topic/95484-admin-panel/ Share on other sites More sharing options...
revraz Posted March 10, 2008 Share Posted March 10, 2008 Is your password stored in plain text in your DB or is it hashed? Link to comment https://forums.phpfreaks.com/topic/95484-admin-panel/#findComment-488808 Share on other sites More sharing options...
DarkerAngel Posted March 10, 2008 Share Posted March 10, 2008 also the if(!$result) doesn't check if the user and passwords match, just checks if the sql query was executed with no errors. Then what revraz said, the password is probably hashed inside the database. Link to comment https://forums.phpfreaks.com/topic/95484-admin-panel/#findComment-488816 Share on other sites More sharing options...
cavendano Posted March 10, 2008 Author Share Posted March 10, 2008 it is in plain text not hashed its just a simple admin panel Link to comment https://forums.phpfreaks.com/topic/95484-admin-panel/#findComment-488989 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.