Posts posted by RaRa3

  1. Here's the procedure:

     

    1. User sends unencrypted password.

    2. Encrypt the password.

    3. Compare the encrypted password to the encrypted password that's in the database.

    4. Log the user in if the two are the same.

    yes that's how it is working

  2. Did I say they have to enter the encrypted password in database, I think if you read it AGAIN it says "The idea is for the user to enter their original password this password is then encrypted and compared with encrypted password AND username stored in database." It does not magically encrypt the original password, I mean did it magically encrypt the password and store it in database, NO! It used php encryption function, now THINK about it! Use those little grey cells, it is basically using the same principle, BUT! Instead of storing the encrypted password you are NOW comparing the entered username and then encrypted password for that user WITH username and encrypted password in database. Facepalm

    oh okay sorry, i got you

     

    thanks

  3. yes in the database it's encrypted but if the user wants to login then they have to put in the encrypted password, but it should be the original password they created

     

    that's what I'm having trouble with

  4. Hi RaRa3, I'm not quite sure about the question you're asking but here is how you would hash a password and insert it into a database

    Your HTML <form> element should be a POST request. (Using GET requests for passwords is a bad idea)

    It should look like this <form action="" method="post">...</form>

    <?php
    //CORRECTED VERSION
    //GET ALL THE VALUES AND STORE THEM INTO VARIABLES
    $firstname = $_POST["firstName"];
    $lastname = $_POST["lastName"];
    $user = $_POST["username"];
    $pass = $_POST["pass"]; //We first store the value of the password to $pass
    $email = $_POST["email"];
    $address = $_POST["address"];
    //HASH PASSWORD
    $pass = md5($pass); //We hash the value of $pass
    //INSERT THEM INTO DATABASE
    $sql = "INSERT INTO UserAccount (firstName, lastName, userName, password, email, address) VALUES ('$firstname','$lastname','$user','$pass','$email','$address')";
    $res=mysql_query($sql); //We INSERT $pass(HASHED) into the database, not $_POST["pass"](NOT HASHED)

    <?php //start php tag
    //include connect.php page for database connection
    include('connect.php');
    //if submit is not blanked i.e. it is clicked.
    if(isset($_POST['submit'])) { //You do not need the !="". This line is enough for checking if a button has been clicked
        $firstname = $_POST["firstName"];
        $lastname = $_POST["lastName"];
        $user = $_POST["username"];
        $pass = $_POST["pass"];
        $email = $_POST["email"];
        $address = $_POST["address"];
        if(empty($firstname) || empty($lastname) || empty($user) || empty($pass) || empty($email) || empty($address)) { //Try using the built in empty() function to detect blank fields. Much easier
            Echo "Please fill the empty field(s).";
        }
        Else
        {
            //////////REPLACE THIS WITH CODE IN THE ABOVE SECTION//////////////
            $sql = "INSERT INTO UserAccount (firstName, lastName, userName, password, email, address) VALUES ('$_POST[firstName]','$_POST[lastName]','$_POST[user]','$_POST[pass]','$_POST[email]','$_POST[address]')";
            $password = md5($pass);
            $res=mysql_query($sql);
            // This code will not work.. Notice how you have not defined $pass or $password yet? and your values are directly taken from a POST[] Request
            ///////////////////////////////////////////////////////////////////
            if($res)
            {
                Echo "Thank you for signing up";
            }
            Else
            {
                Echo "There is some problem in inserting record";
            }
        }
    }
    ?>

    Tips for next time:

    1. You should really start using mysqli_query since mysql_query is deprecated

    2. When you're getting a value from a form please store it into a variable first. Then you can manipulate the variable.

    3. This code is insecure, you should use functions such as mysql_real_escape_string() or stripslashes() to prevent SQL INJECTION Measures.

    4. Always use POST[] requests when handling sensitive data (passwords etc.). I'd prefer you stay away from the REQUEST[] operator.

     

     

    Wow Thanks so much you helped me a lot! but I have a question now, it does store a hashed password into the database, but now if I was to have someone login after registering they can't use the password they created, the hashed one is the one that works, how can I make it so when the user logs in they use the password they created? is that possible?

  5. MD5 is not a secure hashing algorithm. It's far too easy to crack. See details right in the PHP manual: http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

     

    Consider using PHP's crypt() function with Blowfish or SHA-512 algorithms.

     

    addslashes() (not stripslashes() because that doesn't escape the code at all) is not a sure way to prevent injection, use escape_string(), but even that is not ideal. Ideally, you would use Prepared Statements

    well it's just for a project now so something simple to show "security"

    thanks for your comment :)
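
The login flow discussed in these posts (hash the typed password, compare it with the stored hash), as an added example that is not code from the thread: it uses password_hash()/password_verify(), PHP's built-in wrapper for the Blowfish-based bcrypt scheme, in place of md5(), and PDO prepared statements in place of string-built SQL. The in-memory SQLite database and the register()/login() helper names are assumptions; the UserAccount columns are the ones used in the thread.

```php
<?php
// Added example (not code from the thread): registration and login against the
// UserAccount table, using bcrypt hashes and prepared statements.
// Assumption: in-memory SQLite stands in for the MySQL database so this runs
// offline; with MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE UserAccount (userName TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Hash checked when the user name is unknown, so both paths do one bcrypt run.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_BCRYPT));

// register() and login() are hypothetical helper names.
function register(PDO $db, string $user, string $plain): bool
{
    // A random salt is generated and embedded in the returned hash string.
    $hash = password_hash($plain, PASSWORD_BCRYPT);
    $stmt = $db->prepare('INSERT INTO UserAccount (userName, password) VALUES (?, ?)');
    try {
        return $stmt->execute([$user, $hash]);
    } catch (PDOException $e) {
        return false; // insert rejected, e.g. the user name already exists
    }
}

function login(PDO $db, string $user, string $plain): bool
{
    // Select by user name only; the typed password never appears in the SQL.
    $stmt = $db->prepare('SELECT password FROM UserAccount WHERE userName = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    // password_verify() reads the salt and cost from the stored hash, re-hashes
    // the typed password and compares the two in constant time.
    $ok = password_verify($plain, $stored === false ? DUMMY_HASH : $stored);
    return $stored !== false && $ok;
}

// Constructed sample account and passwords; the quote in the name is plain data.
register($db, "o'brien", 'correct horse battery staple');
$row = $db->query('SELECT password FROM UserAccount')->fetchColumn();
echo 'stored value:    ', $row, "\n";
echo 'right password:  ', var_export(login($db, "o'brien", 'correct horse battery staple'), true), "\n";
echo 'wrong password:  ', var_export(login($db, "o'brien", 'wrong guess'), true), "\n";
echo 'unknown user:    ', var_export(login($db, 'nobody', 'wrong guess'), true), "\n";
echo 'same user again: ', var_export(register($db, "o'brien", 'x'), true), "\n";
```

Because every stored hash carries its own random salt, hashing the typed password a second time and comparing the two strings (the md5() approach) would never match; password_verify() does the comparison instead.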

  6. thanks for your comments, well it's actually for a project I'm working on, it's not official, I'm running it on a local host, it just has to prove that the user exists and can log in after he or she registers

  7. hello so i created a registration page in html and a php code to connect to a database and enter the information to the database that all works. Now i want to ask if the user wants to log in would they need a separate php code to have a sort of certification that the account is valid? i made a html page for login but i need it to look back to the database to see if the user is registered so they can log in, not just anyone can log in...any ideas? or advice where i can find information about this? i see a lot of tutorials for making a log in page, making a registration page but how about when someone registers and wants to log in but to make sure the database can also check to see if the user is registered.

  8. Connected successfully
    Notice: Undefined index: firstName in /Applications/XAMPP/xamppfiles/htdocs/register.php on line 7
    please fill the empty field.

     

    I fixed it and got connected successfully but I still don't see an error in that line..idk

  9. should the line look like this?

    $conn = localhost(‘Shop','root','password');

     

    thanks I'm going to read about it now

    does it mention about how sql works with php?

  10. ohhh okay well I'm using textedit, I have a mac, I know I should use netbeans or something but idk I feel comfortable with textedit,

     

    now also I'm getting an error for the connect php file

     

    Warning: mysqli_connect(): php_network_getaddresses: getaddrinfo failed: nodename nor servname provided, or not known in /Applications/XAMPP/xamppfiles/htdocs/connect.php on line 7
    Warning: mysqli_connect(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: nodename nor servname provided, or not known in /Applications/XAMPP/xamppfiles/htdocs/connect.php on line 7
    Connection failed: php_network_getaddresses: getaddrinfo failed: nodename nor servname provided, or not known

  11. oh thanks I missed that, I don't know why anytime I edit a word in quotations it automatically changes the delimiter, but also I have a question for that line

     

    $conn = mysqli_connect($Shop, $root, $password);

     

     

    my database name is called shop, and the username is root and the password is an actual password but I put password so I don't reveal it, now do I actually change them to fit the description of the database or put $hostname, $username, $password ?

     

    does the "$" also need to be included?

  12. hello so I am making a registration page using html and php, I need to make the information send to mysql that I made with table but I never made select statements..I am not sure on how to make it, I need help, I am new to this so please bear with me. So I this code to connect to mysql

    none

    I am not sure how to fix it, I know there must be a problem with the code for the submit line and with the isset. I got them from another user but made minor changes to fit my database. My database has 2 tables, one named UserAccount with the information listed in the registration page and then another table named Cart for purchases to be made.

     

    Please if you can help me with my code or if you see other errors, I think I might have an error with my php where I put firstName, and etc.

     

     

    and if you know any other material or links that would help me for making product information and a cart send to a database, if you can share it, I'm trying but having many issues

  13. oh thank you that worked! I didn't know, sorry I'm new to php. is there any other way? it only can run on a local host or be viewed in local host?

  14. hello I have a problem, I just want to run a simple php code, it used to work but I think once I updated to Yosemite something changed, I'm not sure. So I want to create a php code that links with a database, but right now I'm doing a test code and I get nothing. I use XAMPP and I turned everything on and I used netbeans and set a php file, hit run and I get "Object Not Found!" what is there I need to do? I know in XAMPP there PHP extension that can be turned on but when I use terminal to enter the code lines I get command not found. I need help please, I just want to run right now this code:

    
    
    						