Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    php login script

    this is probs not the best way to have a login script
    My database uses md5 and i cant figure out a way to get it to compair it etc As right now it dont login with anything md5 as it wont match the input lol

    PHP Code:
    <?php
    ob_start
    ();

    include(
    "config.php"); 

    // connect to the mysql server 
    $link mysql_connect($server$db_user$db_pass
    or die (
    "Could not connect to mysql because ".mysql_error()); 

    // select the database
    mysql_select_db($database
    or die (
    "Could not select database because ".mysql_error()); 

    $match "select id from $table where username = '".$_POST['username']."' 
    and password = '"
    .$_POST['password']."';"

    $qry mysql_query($match
    or die (
    "Could not match data because ".mysql_error()); 
    $num_rows mysql_num_rows($qry); 

    if (
    $num_rows <= 0) { 
    echo 
    "Sorry, there is no username or password with: <strong>".$_POST['username']."</strong><br>"
    echo 
    "<a href=login.html>Try again</a>"
    exit;

    } else { 

    setcookie("loggedin""".$_POST['username'].""time()+(3600 24));
    setcookie("username""".$_POST['username']."""TRUE");
    echo 
    "Welcome: <strong>".$_POST['username']."</strong><br>"
    echo 
    "Continue to the <a href=members.php>members</a> section."
    }
    ob_end_flush();
    ?>
    unless someone has a better login script which does what i want.
    Last edited by danbriant; 08-02-2007 at 10:45 AM.

  • #2
    Regular Coder mlse's Avatar
    Join Date
    Mar 2005
    Posts
    624
    Thanks
    20
    Thanked 19 Times in 18 Posts
    Hi there,

    Could you perhaps be a little clearer in your question?

    I assume you mean that the password is stored as a one-way md5 hash in the database, in which case you'll need:

    PHP Code:
    $match "select id from $table where username = '".$_POST['username']."'  and password = '".md5($_POST['password'])."';"
    Or something like that (see the md5 man page: http://uk.php.net/manual/en/function.md5.php).

    Also, what's with the output buffering??!

  • #3
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yer the passwords in my database are stored in MD5 format.
    Also i am wondering if that script can be better improved, if so roughly how. Like if there is a better script or something, as all i want is login script with sessions or something.
    My php skills lack somewhat as you can see lol
    Last edited by danbriant; 08-02-2007 at 11:43 AM.

  • #4
    Regular Coder mlse's Avatar
    Join Date
    Mar 2005
    Posts
    624
    Thanks
    20
    Thanked 19 Times in 18 Posts
    There are a good number of ready-made scripts on the net to do this, however I would strongly suggest that you should first become more familiar with PHP. Here is the definitive guide: http://uk.php.net/manual/en/

  • #5
    New to the CF scene
    Join Date
    Jun 2007
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Smile

    there's alot of security issue in your code

    you don't have to use $_POST in the SQL query directly. that will cause SQL Injection holes.

    you should treat the incoming data before using : mysql_real_escape_string



  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •