  1. Not sure why that posted twice. Stupid phone lol. Ok brill will check it out when I get home. Thanks for the help guys no doubt you'll hear from me soon hah
  2. To be honest I don't think it sounds rude. When it comes to security, sometimes you need to be blunt and to the point. Thanks for the response, I'll look into different encryptions and I'll prob go with md5 as I've used it in the past. This is for an admin panel of a website I'm building from scratch. I've used PHP for years but never actually built from ground up. So your post has been very helpful to me. I will completely rebuild the login check page upon recommendation. Any tips on where to start would be greatly appreciated.
  3. ```php
     // Mysql_num_row is counting table row
     $count=mysqli_num_rows($result);
     ```

     That's where I get the value for $count. I store passwords with SHA() encryption.
  4. I'm having a problem with login system. It's telling me my username and password are wrong when I know they are not. Here is my login.php

     ```html
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     <html>
       <head>
         <meta charset="UTF-8">
         <title>Server 2 Server | Log in</title>
         <meta content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no' name='viewport'>
         <!-- Bootstrap 3.3.4 -->
         <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
         <!-- Font Awesome Icons -->
         <link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css" />
         <!-- Theme style -->
         <link href="dist/css/AdminLTE.min.css" rel="stylesheet" type="text/css" />
         <!-- iCheck -->
         <link href="plugins/iCheck/square/blue.css" rel="stylesheet" type="text/css" />
         <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
         <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
         <!--[if lt IE 9]>
           <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
           <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
         <![endif]-->
       </head>
       <body class="login-page">
         <div class="login-box">
           <div class="login-logo">
             <a href="../../index2.html"><b>Server</b>2SERVER</a>
           </div><!-- /.login-logo -->
           <div class="login-box-body">
             <p class="login-box-msg">Sign in to view the control panel</p>
             <?php
             if(!empty($_GET['msg'])) {
                 $msg = $_GET['msg']; //GET the message
                 if($msg!=''):
                     echo '<p>'.$msg.'</p>';
                 endif;
             }
             ?>
             <form action="check_login.php" method="post">
               <div class="form-group has-feedback">
                 <input type="text" class="form-control" placeholder="Email" name="username" id="username"/>
                 <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
               </div>
               <div class="form-group has-feedback">
                 <input type="password" class="form-control" placeholder="Password" name="password" id="password"/>
                 <span class="glyphicon glyphicon-lock form-control-feedback"></span>
               </div>
               <div class="row">
                 <div class="col-xs-8">
                 </div><!-- /.col -->
                 <div class="col-xs-4">
                   <button type="submit" class="btn btn-primary btn-block btn-flat">Sign In</button>
                 </div><!-- /.col -->
               </div>
             </form>
             <a href="#">I forgot my password</a><br>
           </div><!-- /.login-box-body -->
         </div><!-- /.login-box -->
         <!-- jQuery 2.1.4 -->
         <script src="../../plugins/jQuery/jQuery-2.1.4.min.js"></script>
         <!-- Bootstrap 3.3.2 JS -->
         <script src="../../bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
         <!-- iCheck -->
         <script src="../../plugins/iCheck/icheck.min.js" type="text/javascript"></script>
         <script>
           $(function () {
             $('input').iCheck({
               checkboxClass: 'icheckbox_square-blue',
               radioClass: 'iradio_square-blue',
               increaseArea: '20%' // optional
             });
           });
         </script>
       </body>
     </html>
     ```

     check_login.php

     ```php
     <?php
     define(DOC_ROOT,dirname(__FILE__)); // To properly get the config.php file
     $username = $_POST['username']; //Set UserName
     $password = $_POST['password']; //Set Password
     $msg ='';
     if(isset($username, $password)) {
         ob_start();
         include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection
         // To protect MySQL injection (more detail about MySQL injection)
         $myusername = stripslashes($username);
         $mypassword = stripslashes($password);
         $myusername = mysqli_real_escape_string($dbC, $myusername);
         $mypassword = mysqli_real_escape_string($dbC, $mypassword);
         $sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA('$mypassword')";
         $result=mysqli_query($dbC, $sql);
         // Mysql_num_row is counting table row
         $count=mysqli_num_rows($result);
         // If result matched $myusername and $mypassword, table row must be 1 row
         if($count==1){
             // Register $myusername, $mypassword and redirect to file "dashboard.php"
             session_register("admin");
             session_register("password");
             $_SESSION['name']= $myusername;
             header("location:dashboard.php");
         }
         else {
             $msg = "Wrong Username or Password. Please retry";
             header("location:login.php?msg=$msg");
         }
         ob_end_flush();
     }
     else {
         header("location:login.php?msg=Please enter a username and password");
     }
     ?>
     ```

     It just keeps telling me my password and user are incorrect, please help
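
A hardened form of the credential check and message display from the post above, as an added example that is not part of the original post or the poster's code. It assumes PDO with an in-memory SQLite table standing in for `login_admin`; the helper names `check_login()` and `login_message()`, the message codes, and the sample account are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the login_admin table: in-memory SQLite via PDO so
// the example runs offline (the post's code uses mysqli against MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_admin (user_name TEXT PRIMARY KEY, user_pass TEXT NOT NULL)');

// Store a salted, deliberately slow hash instead of SHA() or md5.
$insert = $db->prepare('INSERT INTO login_admin (user_name, user_pass) VALUES (?, ?)');
$insert->execute(["o'brien@example.test", password_hash('constructed-passphrase', PASSWORD_DEFAULT)]);

// Hypothetical helper: true only if the user exists and the password verifies.
function check_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the input never becomes part of the SQL text, so no
    // stripslashes()/escaping step is needed and the password is not altered.
    $stmt = $db->prepare('SELECT user_pass FROM login_admin WHERE user_name = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // Compare in PHP; password_verify() reads the salt and cost from the hash.
    return is_string($hash) && password_verify($password, $hash);
}

// Hypothetical helper for login.php: look the text up by a short code rather
// than echoing $_GET['msg'] into the page, and escape on output regardless.
function login_message(string $code): string
{
    $messages = [
        'bad'   => 'Wrong Username or Password. Please retry',
        'empty' => 'Please enter a username and password',
    ];
    return htmlspecialchars($messages[$code] ?? '', ENT_QUOTES, 'UTF-8');
}

// On success in a web request: session_start(); session_regenerate_id(true);
// $_SESSION['name'] = $username; then redirect. session_register() was
// removed in PHP 5.4, so session data goes in $_SESSION.

var_dump(check_login($db, "o'brien@example.test", 'constructed-passphrase'));
var_dump(check_login($db, "o'brien@example.test", 'wrong-passphrase'));
var_dump(check_login($db, 'nobody@example.test', 'constructed-passphrase'));
var_dump(login_message('bad'), login_message('<b>unknown</b>'));
```

With this layout the redirect carries only a code such as `login.php?msg=bad`, so nothing from the query string is written into the page.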
