If you are going to us encrypted passwords, then it goes something more
like this:
- user fills out form picking a login and a password.
- php encrypts the password using say md5 and puts the encrypted form into
the database.
- user tries to login typing in their login and password.
- php encrypts their password using md5 and then looks to see if there are
any rows in the database with that login and *encryped* password. if so
then it logs them in.
hope that helps!
-philip
On Thu, 17 Jan 2002, Hawk wrote:
> Ok, even if I don't need encryption I thought I might go ahead and try to
> learn it, and as I said in the previous post I managed to get it working
> everywhere but on the login script
> first I have a form that sends username and password to login.php, in that
> file I have something like this
>
> <?
> $the host user pswd and db vars
> mysql_connect($host, $user, $pswd);
> mysql_select_db($db);
> $query = "SELECT * FROM users WHERE username='$username' and
> password='$password'";
> $result = mysql_query($query);
> $num = mysql_num_rows($result);
> if ( $num != NULL ) {
> session_start();
> session_register(admin_allow);
> $admin_allow = "mytopsecretpassword";
> header("location: admin/index.php");
> }
> else { header("location: admin.php"); }
> ?>
>
> I know it looks messy, and I removed some stuff to make it smaller to post,
> but when I use non encrypted passwords this works fine, my problem is that I
> don't know how to to do read a encrypted password in the $query, or if I
> need to do it in some other way(been trying a few different this far)
>
> I tried with
> $query = "SELECT * FROM users WHERE username='$username' and
> password=password('$password')";
> but that made $num = 0, and the login fail
> I'm getting really tired (from sleeping to little..) and that might have
> reduced my thinking even more than usual, but what am I doing wrong ? :P
>
> Hawk
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
