grappy Posted April 19, 2007 Share Posted April 19, 2007 well, this is my code. <?phpecho "<table width='800' border='0' cellspacing='0' cellpadding='0' align='center' >\n"."<tr>\n". "<th width='798' colspan='2' height='170'>\n". "<img src='../../banner.png' alt='welcome to the image gallery' width='798' height='170'/></th>\n". "</tr>\n". "<tr>\n". "<th colspan='1' width='160' valign='top' bgcolor='#CCCCCC' height='800'>\n". "<a href='../../index.php' class='navigation'><li class='navigation'>Home</li></a>\n";$con = mysql_connect("localhost","lewke_acc","123456");if (!$con) { die('Could not connect: ' . mysql_error());}//selects databasemysql_select_db("lewke_image", $con);//creates the query including the variables$user = $_SESSION['logname'];$query = "SELECT ('acc_un','acc_pw') FROM accounts WHERE acc_un=.$user.";//sends the query to mysql$result = mysql_query($query);$row = (mysql_fetch_array($result));if (($_SESSION['logname'] = $row['acc_un']) && ($_SESSION['443f'] = $row['acc_pw'])){echo "<a href='/1/".$user."' class='navigation'><li class='navigation'>Logged in as ".$user."</li></a>";}else{echo "<a href='../../login.php' class='navigation'><li class='navigation'>Login</li></a>";}echo "<a href='../../register.php' class='navigation'><li class='navigation'>Register</li></a>\n". "<a href='../../browse.php' class='navigation'><li class='navigation'>Browse</li></a>\n". "<a href='../../contact.php' class='navigation'><li class='navigation'>Contact Us</li></a>\n". "<a href='../../filestypes.php' class='navigation'><li class='navigation'>Image Filetypes</li></a>\n". "<a href='../../terms.php' class='navigation'><li class='navigation'>Terms & Conditions</li></a>\n";//creates the query including the variables$query = "SELECT * FROM accounts WHERE acc_un =.$user.";//sends the query to mysql$result = mysql_query($query);$row = (mysql_fetch_array($result));if (($_SESSION['logname']=$row['acc_un'])&&($_SESSION['443f']=$row['acc_pw'])){ echo "<form class='browse' action='../uploadscript.php'><input name='search' type='file' maxsize='2000000' size='9'/><input name='submit' type='submit' value=' Upload! '/>\n"."<br /><em class='formstext'>Accepted file formats are .JPG, .GIF, .PNG, .BMP, .PSD<br />Files must be no larger than 2MB each</em></form>";}echo "</th>\n". "<th width='638' colspan='1' class='content' valign='top'>\n";print_r ($_SESSION);?> and for some reason the sessions merge after i try $user = $_SESSION['logname']; if i use print_r at the top of the page, they are entirely unmerged, however when i use it at the bottom, this is the output Array ( [logname] => [443f] => 8277e0910d750195b448797616e091ad ) ^37 long which is supposed to be a md5 hash encryption, and in this case d is the login name, with the first 36 being the acutal hash.i have no idea on it =\ Link to comment Share on other sites More sharing options...
Kevin M Posted April 19, 2007 Share Posted April 19, 2007 So you're encrypting the username with the md5() function? If you do that, then the md5 hash will be sent to the database as the username, and the database, rather than having the username (d) it would have the md5 hash in it. So to display the username on a page, you would have to decrypt it, which I'm not sure if this is possible with md5. Why not just encrypt the password? A person can't really get anywhere with the username, but with a password they can.I may be entirely wrong on this, but I think you would have to decrypt the md5 username hash to display the name. Whereas if the name was never encrypted in the first place, then the database's records would show d rather than the hash, and you would be able to display the username.I'm not totally sure, and that might not make any sense. I'm sure someone with more knowledge than me will be able to help you more. Link to comment Share on other sites More sharing options...
justsomeguy Posted April 19, 2007 Share Posted April 19, 2007 This is the problem:if (($_SESSION['logname'] = $row['acc_un']) && ($_SESSION['443f'] = $row['acc_pw']))You are using assignment, not comparison. You are assigning $_SESSION['logname'] to whatever the value of $row['acc_un'] is, and you are assigning $_SESSION['443f'] to whatever $row['acc_pw'] is. The = operator is for assignment, if you want to compare 2 values you need to use the == operator. Also, an MD5 hash is 32 bytes, not 36. Link to comment Share on other sites More sharing options...
grappy Posted April 20, 2007 Author Share Posted April 20, 2007 This is the problem:if (($_SESSION['logname'] = $row['acc_un']) && ($_SESSION['443f'] = $row['acc_pw']))You are using assignment, not comparison. You are assigning $_SESSION['logname'] to whatever the value of $row['acc_un'] is, and you are assigning $_SESSION['443f'] to whatever $row['acc_pw'] is. The = operator is for assignment, if you want to compare 2 values you need to use the == operator. Also, an MD5 hash is 32 bytes, not 36.i was told 36 , and i thought it was the other way round, its allways a stupid mistake for me Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now