Jump to content

stumped.


grappy
 Share

Recommended Posts

well, this is my code.

<?phpecho "<table width='800' border='0' cellspacing='0' cellpadding='0' align='center' >\n"."<tr>\n".	  "<th width='798' colspan='2' height='170'>\n".	  "<img src='../../banner.png' alt='welcome to the image gallery' width='798' height='170'/></th>\n".	  "</tr>\n".  "<tr>\n".	  "<th colspan='1' width='160' valign='top' bgcolor='#CCCCCC' height='800'>\n".	  "<a href='../../index.php' class='navigation'><li class='navigation'>Home</li></a>\n";$con = mysql_connect("localhost","lewke_acc","123456");if (!$con) {  die('Could not connect: ' . mysql_error());}//selects databasemysql_select_db("lewke_image", $con);//creates the query including the variables$user = $_SESSION['logname'];$query = "SELECT ('acc_un','acc_pw') FROM accounts WHERE acc_un=.$user.";//sends the query to mysql$result = mysql_query($query);$row = (mysql_fetch_array($result));if (($_SESSION['logname'] = $row['acc_un']) && ($_SESSION['443f'] = $row['acc_pw'])){echo "<a href='/1/".$user."' class='navigation'><li class='navigation'>Logged in as ".$user."</li></a>";}else{echo   "<a href='../../login.php' class='navigation'><li class='navigation'>Login</li></a>";}echo   "<a href='../../register.php' class='navigation'><li class='navigation'>Register</li></a>\n".	  "<a href='../../browse.php' class='navigation'><li class='navigation'>Browse</li></a>\n".	  "<a href='../../contact.php' class='navigation'><li class='navigation'>Contact Us</li></a>\n".	  "<a href='../../filestypes.php' class='navigation'><li class='navigation'>Image Filetypes</li></a>\n".		  "<a href='../../terms.php' class='navigation'><li class='navigation'>Terms & Conditions</li></a>\n";//creates the query including the variables$query = "SELECT * FROM accounts WHERE acc_un =.$user.";//sends the query to mysql$result = mysql_query($query);$row = (mysql_fetch_array($result));if (($_SESSION['logname']=$row['acc_un'])&&($_SESSION['443f']=$row['acc_pw'])){ echo "<form class='browse' action='../uploadscript.php'><input name='search' type='file' maxsize='2000000' size='9'/><input name='submit' type='submit' value=' Upload! '/>\n"."<br /><em class='formstext'>Accepted file formats are .JPG, .GIF, .PNG, .BMP, .PSD<br />Files must be no larger than 2MB each</em></form>";}echo  "</th>\n".	"<th width='638' colspan='1' class='content' valign='top'>\n";print_r ($_SESSION);?>

and for some reason the sessions merge after i try

$user = $_SESSION['logname'];

if i use print_r at the top of the page, they are entirely unmerged, however when i use it at the bottom, this is the output

Array ( [logname] => [443f] => 8277e0910d750195b448797616e091ad )

^37 long which is supposed to be a md5 hash encryption, and in this case d is the login name, with the first 36 being the acutal hash.i have no idea on it =\

Link to comment
Share on other sites

So you're encrypting the username with the md5() function? If you do that, then the md5 hash will be sent to the database as the username, and the database, rather than having the username (d) it would have the md5 hash in it. So to display the username on a page, you would have to decrypt it, which I'm not sure if this is possible with md5. Why not just encrypt the password? A person can't really get anywhere with the username, but with a password they can.I may be entirely wrong on this, but I think you would have to decrypt the md5 username hash to display the name. Whereas if the name was never encrypted in the first place, then the database's records would show d rather than the hash, and you would be able to display the username.I'm not totally sure, and that might not make any sense. I'm sure someone with more knowledge than me will be able to help you more. :)

Link to comment
Share on other sites

This is the problem:if (($_SESSION['logname'] = $row['acc_un']) && ($_SESSION['443f'] = $row['acc_pw']))You are using assignment, not comparison. You are assigning $_SESSION['logname'] to whatever the value of $row['acc_un'] is, and you are assigning $_SESSION['443f'] to whatever $row['acc_pw'] is. The = operator is for assignment, if you want to compare 2 values you need to use the == operator. Also, an MD5 hash is 32 bytes, not 36.

Link to comment
Share on other sites

This is the problem:if (($_SESSION['logname'] = $row['acc_un']) && ($_SESSION['443f'] = $row['acc_pw']))You are using assignment, not comparison. You are assigning $_SESSION['logname'] to whatever the value of $row['acc_un'] is, and you are assigning $_SESSION['443f'] to whatever $row['acc_pw'] is. The = operator is for assignment, if you want to compare 2 values you need to use the == operator. Also, an MD5 hash is 32 bytes, not 36.
i was told 36 :), and i thought it was the other way round, its allways a stupid mistake for me :)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...