[SOLVED] password protection in phpmyadmin

[dazz_club]

Hi wildteen88,

 

I have changed it now so it looks like

$password = md5($_POST['password']);

 

Using my phpmyadmin i looked the my members database, clicked on the icon (you know the pencil icon) next to  1, darren, darren and changed the password function, from nothing to md5, using the drop down menu.

 

I then tried the form and it worked.

 

May i ask some more questions?

 

The script you provided does that perform what i just mentioned above (i changed the function through phpmyadmin)?

 

How can i give the password field in the database table the permanant function of using md5 instead of having to go round the back so to speak and change it. Or, again, is that what your sript performs?

 

Thanks again dude.

Dazzclub

[wildteen88]

I provided the script so you didn't have to perform the operation manually using phpmyadmin. My script will loop through all rows in the members table applying an md5 hash to the passwords in the password field.

 

When inserting a password into the database, just use the md5() php function, just like I did when encrypting the $_POST['password'] variable in login.php. Example code for insert new username and encrypted password into members table;

 

// setup username and password
$username '= foo';
$password = 'bar';

// md5 encrypt the password
$password = md5($password);

// insert new username and password into members table:
$sql = "INSERT INTO members (`username`, `password`) VALUES ('$username', '$password')";
mysqli_query($connection, $sql) or die(mysql_error());

 

 

[dazz_club]

Thats great wildteen88 thanks alot!!!

 

Now my next step is for the login_success.php script to pull out some data about me from another table using password , username or id as a unique field. Dont worry, i'll do my research and wont post for at least an hour, lol.

 

Cheers again

[dazz_club]

Hi there,

 

Back again, sorry.

 

ok as i mentioned in my previous post. I would like to use the user name provied (from the logn pag or the one set in the database)to be passed to the login_success.php so it can then use $username in a query to pull out the correct data for that particular user. something like this'

 

<?php
session_start();
require_once 'includes/connection.php';
// check that the  user has logged in
if(isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] !== true || !isset($_SESSION['is_logged_in']))
{
    die('You must be logged in to view this page!');
}
	$username = isset($_GET['username ']);

	$sql = "SELECT * FROM contacts WHERE username = '$username' ";
	If ($r = mysqli_query($connection, $sql)) { 
	//sending the query to the mySQL server
	While ($row = mysqli_fetch_array($r)) { 
	//inputs the data into the table


	$username = $row['username'];
	}
}	
?>

 

Am i on the right track or am i way  off or should i do more research?

 

cheers

Dazzclub

[wildteen88]

The username is already in the session!, no need to perform the sql query to get the username. In login_success.php you'll see this code:

Session data:
<?php echo '<pre>' . print_r($_SESSION['user'], true) . '</pre>'; ?>

That will produce this result, if the user logged in successfully

Session data: 
Array
(
    [id] => their_id
    [username] => their_username
    [password] => their_hashed_password
)

 

To get the username from the session use $_SESSION['user']['username'] variable.

 

If you look in login.php we set up the session so it stores the username from database if they login successfully.

[dazz_club]

o rite, the reason i was performing a query is that i was using the username to help me pull out some data from a different table.

 

i have a members table which lists the id, password and username

 

and then i have contacts which has their username along , some other address fields.

 

so i was using the username that was entered via the form to then be used to the login_success.php to pull out their data.

 

thanks again for your input

[wildteen88]

Then use:

<?php
session_start();

// check that the  user has logged in
if(isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] !== true || !isset($_SESSION['is_logged_in']))
{
    die('You must be <a href="login.php">login</a> to view this page!');
}

require_once 'includes/connection.php';

// no need to query members table, query the contacts table as you already have the username in the 'user' session
$sql  = "SELECT * FROM contacts WHERE username='{$_SESSION['user']['username']}'";
// perform the query
$result = mysqli_query($connection, $sql);

// as you are only returning 1 row from the contact tables you don't need a while loop
$row = mysqli_fetch_assoc($result);
// display contact data for user
echo '<pre>' . print_r($row, true) . '</pre>';

?>
<html>
<head>
<title>Order form</title>
<link rel="stylesheet" type="text/css" href="styles/style.css" />
<head>
<body>
<div id="container">
<div id="holder">
<div id="header">header goes here</div>
<div id="main">
You are logged in!

Session data:
<?php echo '<pre>' . print_r($_SESSION['user'], true) . '</pre>'; ?>

<a href="logout.php">Logout</a>

</div>
<div id="footer"></div>
<div>
</div>
</div>
</body>
</html>

[dazz_club]

Hi wildteen88,

 

Sorry for not getting back to you quick. The code you gave worked like a charm, i changed it slightly and it still works ,lol.

Thanks again for all your help.

 

kind regards

Dazzclub