View Full Version : problems validating user....

05-14-2004, 02:48 PM
I am fairly new to PHP and i have a problem :D . When I login, it redirects me to the desired page. but when the password is incorrect, it still redirects to the same page.


$user = $_POST["username"];
$pass = md5($_POST["password"]);

$host = "localhost";
$dbuser = "rsf_dredd";
$dbase = "rsfdredd_uk_db";

$sql = mysql_query("SELECT * FROM cms WHERE user=$user and password=$pass");

$num = mysql_num_rows($sql);
if ($num = 1) {
} else {
$_SESSION["error"] = "<font color=red>Wrong username or passowrd. Try again.</font>";

05-14-2004, 04:24 PM
if($num = 1)

will always returns true.

I think you want

if($num == 1)

05-14-2004, 04:58 PM
I tried that and it won't let me login with the correct user name and password... it seems to keep jumping to the else statement

05-14-2004, 05:14 PM
Well, you're using md5 to encrypt your password, then accessing a plain text password in the database.

Are your passwords in the DB stored as text, using the PASSWORD('field') command, or a result of encryption using md5?

05-14-2004, 05:19 PM
I figured it out... i needed the single quotes over the variables within the query and the == ... thanx 4 your help. Yes, I'm using md5 to encrypt. It's just a result of the encryption then the string is inserted into the db directly... is there a better/more secure way of doing it?

05-14-2004, 05:43 PM
md5 is a pretty good method for an average system. You should probably be more concerned about someone grabbing the posted form data over http vs. https than someone breaking md5 encryption.

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum