garyblackpool Posted March 9, 2010 Share Posted March 9, 2010 Hi,Could someone help me please. My script doesn't seem to be working. I believe it to be the mysql query, that isnt encrypting the the password. Unfortunately I cant figure it out.Thanks <?php include ("../../connect.php"); if ($_GET["self"] == "login") { if (!$_POST["username"] || !$_POST["pass"]) { die("You need to provide a username and password."); } // Create query$q = "SELECT * FROM alc_user" ."WHERE username = \'{$_POST["username"]}\'" ."AND pass= MD5('{$_POST["pass"]}')" ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); // Redirect to member page Header("Location: logged.php"); } else { // Login not successful check echo " {$_POST["username"]}"; echo " {$_POST["pass"]}" ; } } else { echo "<form action=\"?self=login\" method=\"post\">"; echo "Username: <input name=\"username\" size=\"15\"><br />"; echo "Password: <input type=\"password\" name=\"pass\" size=\"8\"><br />"; echo "<input type=\"submit\" value=\"login\">"; echo "</form>"; }?> Link to comment Share on other sites More sharing options...
justsomeguy Posted March 9, 2010 Share Posted March 9, 2010 Did you print your query out to see what it looks like? Link to comment Share on other sites More sharing options...
garyblackpool Posted March 9, 2010 Author Share Posted March 9, 2010 Did you print your query out to see what it looks like?No, how do i do that? thanks Link to comment Share on other sites More sharing options...
justsomeguy Posted March 9, 2010 Share Posted March 9, 2010 Just use echo or print to print the variable you're sending to mysql_query. Link to comment Share on other sites More sharing options...
garyblackpool Posted March 9, 2010 Author Share Posted March 9, 2010 Just use echo or print to print the variable you're sending to mysql_query.sorry i am not the quickest lol. SELECT * FROM alc_userWHERE username = \'gary\'AND pass= MD5('beer')LIMIT 1] Link to comment Share on other sites More sharing options...
justsomeguy Posted March 9, 2010 Share Posted March 9, 2010 Is your table called alc_userWHERE? Link to comment Share on other sites More sharing options...
garyblackpool Posted March 9, 2010 Author Share Posted March 9, 2010 Is your table called alc_userWHERE?Erm no its not. The spacing does seem to be right now but the query is not going though.it returns:SELECT * FROM alc_user WHERE username = \'gary\' AND pass= MD5(beer) LIMIT 1 thanks Link to comment Share on other sites More sharing options...
justsomeguy Posted March 9, 2010 Share Posted March 9, 2010 It should be like this:SELECT * FROM alc_user WHERE username = 'gary' AND pass= MD5('beer') LIMIT 1Also, you can check for errors directly with mysql_query:mysql_query($query) or exit(mysql_error()); Link to comment Share on other sites More sharing options...
garyblackpool Posted March 9, 2010 Author Share Posted March 9, 2010 Whoop! Whoop! Thanks very much its working now.Gary Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.