php login script

08-02-2007, 11:42 AM
This is probably not the best way to have a login script.
My database uses md5 and I can't figure out a way to get it to compare it, etc. As right now it doesn't log in with anything md5, as it won't match the input lol



// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
or die ("Could not select database because ".mysql_error());

$match = "select id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0) {
echo "Sorry, there is no username or password with: <strong>".$_POST['username']."</strong><br>";
echo "<a href=login.html>Try again</a>";

} else {

setcookie("loggedin", "".$_POST['username']."", time()+(3600 * 24));
setcookie("username", "".$_POST['username']."", "TRUE");
echo "Welcome: <strong>".$_POST['username']."</strong><br>";
echo "Continue to the <a href=members.php>members</a> section.";
}

Unless someone has a better login script which does what I want.

08-02-2007, 12:08 PM
Hi there,

Could you perhaps be a little clearer in your question?

I assume you mean that the password is stored as a one-way md5 hash in the database, in which case you'll need:

$match = "select id from $table where username = '".$_POST['username']."' and password = '".md5($_POST['password'])."';";

Or something like that (see the md5 man page: http://uk.php.net/manual/en/function.md5.php).

Also, what's with the output buffering??!

08-02-2007, 12:21 PM
Yeah, the passwords in my database are stored in MD5 format.
Also I am wondering if that script can be improved, and if so roughly how. Like if there is a better script or something, as all I want is a login script with sessions or something.
My PHP skills lack somewhat, as you can see lol

08-02-2007, 03:44 PM
There are a good number of ready-made scripts on the net to do this, however I would strongly suggest that you should first become more familiar with PHP. Here is the definitive guide: http://uk.php.net/manual/en/

Me & I
08-02-2007, 04:12 PM
There are a lot of security issues in your code.

You don't have to use $_POST in the SQL query directly. That will cause SQL injection holes.

You should treat the incoming data before using it: mysql_real_escape_string
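
The login check discussed in this thread, as an added example that is not part of any poster's code: it uses a PDO prepared statement instead of string concatenation, and compares the stored MD5 value in constant time before upgrading it to password_hash(). The users table, its column names, the in-memory SQLite database and the sample row are assumptions constructed for the demo; the same PDO calls work with a mysql: DSN.

```php
<?php
// Added example. Table/column names and the sample row are constructed for this demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$seed = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$seed->execute(['alice', md5('correct horse')]);   // legacy row, stored as MD5 like in the thread

function login(PDO $pdo, string $username, string $password): ?int
{
    // The placeholder keeps user input out of the SQL text, so quotes are plain data.
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                                // unknown user
    }
    $stored = $row['password'];
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($password))      // constant-time compare of the old hash
        : password_verify($password, $stored);      // salted hash written by password_hash()
    if (!$ok) {
        return null;                                // wrong password
    }
    // Replace unsalted MD5 (or outdated parameters) once the password is known to be correct.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
}

var_dump(login($pdo, 'alice', 'correct horse'));    // legacy MD5 path; the row is rehashed
var_dump(login($pdo, "alice' -- ", 'anything'));    // the quote is matched literally as a username
var_dump(login($pdo, 'alice', 'correct horse'));    // same password, now checked by password_verify()
```

In a request handler, call session_start() and session_regenerate_id(true), then store the returned id in $_SESSION, rather than setting "loggedin" and "username" cookies that the browser can change.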