cavendano Posted March 10, 2008 Share Posted March 10, 2008 im having difficulty with this....i cannot login with the admin panel any ideas? i edited out the url and have it echoing the results when it fails and it looks fine...any ideas? im not getting any mysql errors so its connecting fine. <?php session_start(); include "config.inc.php"; $username = $_POST['username']; // $password = $_POST['password']; // $db = mysql_connect($dbHost,$dbUser,$dbPass)or die(mysql_error()); // mysql_select_db($dbname,$db)or die(mysql_error()); $query = "SELECT user, pass FROM configuration WHERE user = '$username' AND pass = '$password'"; $result = mysql_query($query, $db); if(!$result){ echo "$query"; //header('Location: http://.com/admin/form.php'); exit(); } else { $_SESSION['loggedin'] = 1; header('Location: http://.com/admin/admin.php'); exit(); } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted March 10, 2008 Share Posted March 10, 2008 Is your password stored in plain text in your DB or is it hashed? Quote Link to comment Share on other sites More sharing options...
DarkerAngel Posted March 10, 2008 Share Posted March 10, 2008 also the if(!$result) doesn't check if the user and passwords match, just checks if the sql query was executed with no errors. Then what revraz said, the password is probably hashed inside the database. Quote Link to comment Share on other sites More sharing options...
cavendano Posted March 10, 2008 Author Share Posted March 10, 2008 it is in plain text not hashed its just a simple admin panel Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.