Thread: MD5 problem
10-17-2012, 02:09 PM | #1
hans_cellc

I have the following form:

Code:
<form name="form1" method="post" action="login.php">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr align="center"><td colspan="2" style="font-size: 120%;"><strong>Member Login </strong></td></tr>
<tr><td align="right" width="100">Username:</td><td align="center" width="235"><input name="myusername" type="text" id="myusername" size="20" maxlength="6" /></td></tr>
<tr><td align="right">Password:</td><td align="center"><input name="mypassword" type="password" id="mypassword" size="20" maxlength="6" /></td></tr>
<tr><td>&nbsp</td><td align="center"><input type="submit" name="Submit" value="Log me in"></td></tr>
</table>
</form>
With the following code to check login:

Code:
<?PHP
// Initialize session
session_start();
 
// Import the connect to DB code as required as we need it and cannot continue without it.
require 'connect_db.php';

?>

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Logging in - 48323934 - ICT 2613</title>
<meta name="Description" content="PHP ICT2613 Exam Assignment. 48323934 - Logging in " />
<meta http-equiv="content-language" content="en-za" />
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="Author" content="S.J. Fouche, Student number: 48323934" />
<meta name="HandheldFriendly" content="True" />
<!-- Link to the external style sheet (CSS) -->
<link rel="stylesheet" type="text/css" href="my_css.css" />
<!-- Link to the external javascript file -->
<script type="text/javascript" src="my_javascript.js"></script>

</head>

<body>
<!-- Used the include feature for the header and links on all pages -->
<?PHP require "header.txt" ?>

<!-- Setup image -->
<table width="640" height="350" align="center" cellpadding="0" cellspacing="1">
<tr align="center"><td><img src="site_graphics/controls.jpg" alt="Control Background" width="600" height="300" /></td></tr>
</table>

<!-- PHP Coding -->
<?PHP
// Code below will create Code link at the center and bottom of the page
echo("<p style='position:absolute; bottom:5px; left:49%;'><a href='javascript: logincode()'>Code</a></p>")
?> 

</body>
</html>

<?PHP

// username and password sent from form 
// My username and passwords are case sensitive and are not making use of: strtolower or strtoupper
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
echo $mypassword.'<br />';
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
echo $mypassword.'<br />';
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
echo $mypassword.'<br />';

/* With my research on google re PHP and passwords I came across this neat little encryption trick for passwords, I have changed my database password varchar to 32 characters
instead of 6 characters as specified to accommodate this feature as a MD5 hash generates a 32 character hash which by itself is pretty interesting as well. this is a 128 bit
encryption and therefore should only generate 16 characters but it makes use of hexa-decimal therefore the 32 characters */
$password_hash = md5($mypassword);
echo $password_hash;
	

// Table name variable
$tb_name = "tb_user";

// Set the Query within a variable
// I have used SELECT 'id' instead of SELECT * as it speeds up the search especially if you have thousands of users
$query = "SELECT 'id' FROM $tb_name WHERE username='$myusername' AND password='$password_hash'";
$result = mysql_query($query);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// Create an if statement to check if results returned and if not to display an error
// I have created these messages with window.alert and window.confirm just to be snazzy
// I am able to refer back to the index.php on both conditions as there is a conditional to change the menu links if user logged in.
if($count == 1) {
	// Register $myusername and redirect to file "securepage.php"
 	// Set myusername session variable
	$_SESSION['myusername'] = $_POST['myusername'];
	$username =  $_SESSION['myusername'];
	echo "(<script type='text/javascript'>
    window.alert(\"Welcome $username you are successfully logged in.\")
    window.location.href='index.php'; 
    </script>)";
 	}
else {
	// else if incorrect ask user if they wish to register or try again
	echo "(<script type='text/javascript'>	
    if (window.confirm('Username or Password INCORRECT!                                                               Press OK to Register a new user or CANCEL to try again.')) 
		window.location.href='register.php'; 
	else
		window.location.href='index.php';
    </script>)";
 }
 
?>
	

I have added the echo statements to try and see what is happening, but the password stays right before the md5.
When I echo the $password_hash it adds a ( at the end; I can't understand why.

Am I doing something wrong?

I have tried the code separately as follows and it does not add the (

Code:
<?PHP
if (isset($_POST['myusername']) && isset($_POST['mypassword'])) {
// username and password sent from form 
// My username and passwords are case sensitive and are not making use of: strtolower or strtoupper
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
echo $mypassword.'<br />';
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
echo $mypassword.'<br />';
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
echo $mypassword.'<br />';

/* With my research on google re PHP and passwords I came across this neat little encryption trick for passwords, I have changed my database password varchar to 32 characters
instead of 6 characters as specified to accommodate this feature as a MD5 hash generates a 32 character hash which by itself is pretty interesting as well. this is a 128 bit
encryption and therefore should only generate 16 characters but it makes use of hexa-decimal therefore the 32 characters */
$password_hash = md5($mypassword);
echo $password_hash;
	}
?>

<form name="form1" method="post" action="password2.php">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr align="center"><td colspan="2" style="font-size: 120%;"><strong>Member Login </strong></td></tr>
<tr><td align="right" width="100">Username:</td><td align="center" width="235"><input name="myusername" type="text" id="myusername" size="20" maxlength="6" /></td></tr>
<tr><td align="right">Password:</td><td align="center"><input name="mypassword" type="password" id="mypassword" size="20" maxlength="6" /></td></tr>
<tr><td>&nbsp</td><td align="center"><input type="submit" name="Submit" value="Log me in"></td></tr>
</table>
</form>

Last edited by hans_cellc; 10-17-2012 at 02:37 PM..
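
An added example, not part of the original post: the same login check with a salted `password_hash()`/`password_verify()` pair in place of bare `md5()`, a bound query parameter in place of `stripslashes()`/`mysql_real_escape_string()`, and the username encoded before it is written into the script. It assumes PHP 7 or later with the PDO SQLite driver; `check_login()`, `welcome_script()` and the sample user are constructed for illustration.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite table with a
// constructed sample user keeps it runnable offline; tb_user, username and
// password mirror the names in the post, the two helpers are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tb_user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Registration side: password_hash() salts and stretches the password.
// A bcrypt result is 60 characters, so a 32-character column truncates it.
$ins = $pdo->prepare('INSERT INTO tb_user (username, password) VALUES (?, ?)');
$ins->execute(['hans', password_hash('s3cret', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: the input needs no escaping, and the password is
    // never altered before it is verified.
    $stmt = $pdo->prepare('SELECT password FROM tb_user WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    // password_verify() reads the salt and cost from the stored hash.
    return $stored !== false && password_verify($password, $stored);
}

function welcome_script(string $username): string
{
    // The post wraps its script in literal parentheses, echo "(<script ...>)",
    // so a "(" is printed directly after the echoed hash; they are dropped here.
    // The HEX flags give a JS string literal that cannot close the <script> element.
    $msg = json_encode("Welcome $username you are successfully logged in.",
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return "<script>window.alert($msg); window.location.href='index.php';</script>";
}

var_dump(check_login($pdo, 'hans', 's3cret'));
var_dump(check_login($pdo, 'hans', 'wrong'));
var_dump(check_login($pdo, "x' OR '1'='1", 'wrong'));
echo welcome_script('</script><b>'), "\n";
```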