Panta

Login Script


Please, I have this login script, but the problem is that I have names and passwords, and I stored the passwords with md5, but it cannot see them. The page is displaying "The Admin_name was not found."

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include 'config.php';
$submit = isset($_POST['login']) ? $_POST['login'] : "";
$admin = isset($_POST['admin']) ? $_POST['admin'] : "";
$admin = mysql_real_escape_string(strip_tags(htmlspecialchars($admin) ) );
$password = isset($_POST['password']) ? md5($_POST['password']) : "";
$error_string = ''; # error_string is modified in db.php!
$page_mode = $_POST['page_mode']; # empty variable defaults to '' (or null)
if ($page_mode === 'login'){
  if ($admin == '' || strlen($password) == 0) # password can be of spaces, which must not be trimmed!
    $error_string .= 'Please enter your Admin_name and password.<br>';
  else
  {
    $result = mysql_query("SELECT id, admin, password FROM principal WHERE admin='".$admin."' and password='".$password."';");
    if (!($row = mysql_fetch_assoc($result)))
      $error_string .= 'The Admin_name was not found.<br>';
    else if ($row['password'] != ($password))
      $error_string .= 'The password did not match.<br>';
    else
    {
      $_SESSION['user_id'] = $row['id'];
      $_SESSION['user_name'] = $row['admin'];
      header('Location: alright');
      exit();
    }
  }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
  <head>
    <title>Admin login page</title>
    <style type="text/css">
    .error_text {
      color: #FF0000;
      width: 400px;
      text-align: center;
    }
    .left_box {
      float: left;
      width: 150px;
      text-align: right;
      padding-right: 5px;
    }
    .right_box {
      clear: right;
    }
    </style>
  </head>
  <body>
    <div class="error_text"><?php echo $error_string; ?></div>
    <form action="adminlogin.php" method="post">
    <input type="hidden" name="page_mode" value="login">
    <div class="left_box">Admin</div>
    <div class="right_box"><input type="text" name="admin" size="30" maxlength="255" value="<?php if (isset($admin)) echo $admin; ?>"></div>
    <div class="left_box">Password</div>
    <div class="right_box"><input type="password" name="password" size="30"></div>
    <div class="left_box"> </div>
    <div class="right_box"><input type="submit" value="Log In" size="30"></div>
    </form>
  </body>
</html>


First, it's always going to display that one message regardless of whether the name wasn't found or the password was wrong. If the password was wrong it's still going to display that same message. If your name and password are stored in the database as MD5 hashes then you need to hash the values when you send them to the database to check.


Try to apply this principle to EVERY single thing that you insert, update or select from the database. What I mean: use, for example, mysql_real_escape_string(); to prevent strings or something from disrupting your mysql query, and use something like html_entities(); to prevent the database output (first prevented by mysql_real_escape_string(); from disrupting your query) from messing up your xhtml code.

<?php
$string = "photo's";
mysql_real_escape_string($string);
//Database query inserts the $string.....
//Database query outputs the string
echo "<input type='text' name='testfield' value='".$string."'>";
?>

When you look at your source, you will find this html code:
<input type='text' name='testfield' value='photo's'>
Do you see the error on 'photo's'> ??
Same counts for MD5. First store it using MD5, then get it back using the same way or return it using the opposite (luckily there is no way to return a password once it has been MD5th haha)


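An added example, not code from any poster in this thread: the same login check written with a PDO prepared statement, password_hash()/password_verify() in place of md5(), and htmlspecialchars() with ENT_QUOTES for the form value. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory database, the sample account and the helper names check_login and field_value are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with pdo_sqlite.
// The in-memory table mirrors the thread's `principal` table; data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE principal (id INTEGER PRIMARY KEY, admin TEXT UNIQUE, password TEXT)');

// Constructed sample account: a salted, slow hash is stored instead of md5().
$ins = $db->prepare('INSERT INTO principal (admin, password) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns ['id' => ..., 'admin' => ...] or null.
function check_login(PDO $db, string $admin, string $password): ?array
{
    // Select by name only. The placeholder keeps the quote in "o'brien" out of
    // the SQL text, so no mysql_real_escape_string() call is needed.
    $stmt = $db->prepare('SELECT id, admin, password FROM principal WHERE admin = ?');
    $stmt->execute([$admin]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The hash comparison happens in PHP, not in the WHERE clause.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'admin' => $row['admin']];
}

// Hypothetical helper: escape at output time, including single quotes.
function field_value(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed attempts: valid login, wrong password, unknown name from the thread.
$attempts = [["o'brien", 'correct horse'], ["o'brien", 'wrong'], ["photo's", 'x']];
foreach ($attempts as [$name, $pw]) {
    $user = check_login($db, $name, $pw);
    // One message for both failure cases, so the page does not reveal which names exist.
    $msg = $user ? 'logged in, id ' . $user['id'] : 'Invalid admin name or password.';
    echo "<input type='text' name='admin' value='" . field_value($name) . "'> => $msg\n";
}
```

Passwords stored earlier as md5() values cannot be converted to this format directly; they have to be re-hashed when the user next logs in or reset.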