Did you try print $query to ensure it contained what you expected?
-----Original Message----- From: Hawk [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 17, 2002 2:54 PM To: [EMAIL PROTECTED] Subject: [PHP] encrypting passwords, how to decrypt? Ok, even if I don't need encryption I thought I might go ahead and try to learn it, and as I said in the previous post I managed to get it working everywhere but on the login script first I have a form that sends username and password to login.php, in that file I have something like this <? $the host user pswd and db vars mysql_connect($host, $user, $pswd); mysql_select_db($db); $query = "SELECT * FROM users WHERE username='$username' and password='$password'"; $result = mysql_query($query); $num = mysql_num_rows($result); if ( $num != NULL ) { session_start(); session_register(admin_allow); $admin_allow = "mytopsecretpassword"; header("location: admin/index.php"); } else { header("location: admin.php"); } ?> I know it looks messy, and I removed some stuff to make it smaller to post, but when I use non encrypted passwords this works fine, my problem is that I don't know how to to do read a encrypted password in the $query, or if I need to do it in some other way(been trying a few different this far) I tried with $query = "SELECT * FROM users WHERE username='$username' and password=password('$password')"; but that made $num = 0, and the login fail I'm getting really tired (from sleeping to little..) and that might have reduced my thinking even more than usual, but what am I doing wrong ? :P Hawk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
