View Full Version : problems validating user....

05-14-2004, 02:48 PM
I am fairly new to PHP and i have a problem :D . When I login, it redirects me to the desired page. but when the password is incorrect, it still redirects to the same page.


$user = $_POST["username"];
$pass = md5($_POST["password"]);

$host = "localhost";
$dbuser = "rsf_dredd";
$dbase = "rsfdredd_uk_db";

$sql = mysql_query("SELECT * FROM cms WHERE user=$user and password=$pass");

$num = mysql_num_rows($sql);
if ($num = 1) {
} else {
$_SESSION["error"] = "<font color=red>Wrong username or passowrd. Try again.</font>";

05-14-2004, 04:24 PM
if($num = 1)

will always returns true.

I think you want

if($num == 1)

05-14-2004, 04:58 PM
I tried that and it won't let me login with the correct user name and password... it seems to keep jumping to the else statement

05-14-2004, 05:14 PM
Well, you're using md5 to encrypt your password, then accessing a plain text password in the database.

Are your passwords in the DB stored as text, using the PASSWORD('field') command, or a result of encryption using md5?

05-14-2004, 05:19 PM
I figured it out... i needed the single quotes over the variables within the query and the == ... thanx 4 your help. Yes, I'm using md5 to encrypt. It's just a result of the encryption then the string is inserted into the db directly... is there a better/more secure way of doing it?

05-14-2004, 05:43 PM
md5 is a pretty good method for an average system. You should probably be more concerned about someone grabbing the posted form data over http vs. https than someone breaking md5 encryption.