0

Updated code still not working?

<?php

$host="localhost"; 
$username="root"; 
$password="power1"; 
$db_name="members"; 
$tbl_name="users"; 

string sha1 ( string $Password [, bool $raw_output = false ] )

$link  = mysql_connect("$host", "$username", "$password")or die("cannot connect. Please contact us");
mysql_select_db("$db_name")or die("cannot select DB. Please contact us");

$Email=$_POST['Email'];
$Password=$_POST['Password'];

$Email = stripslashes($Email);
$Password = stripslashes($Password);
$Email = mysql_real_escape_string($Email);
$Password = mysql_real_escape_string($Password);

$sql="SELECT * FROM $tbl_name WHERE Email='$Email' AND password ='$Password'";
$result=mysql_query($sql, $link) or die ('Unable to run query:'.mysql_error());

$count=mysql_num_rows($result);

if($count==1){
session_register("Email");
session_register("Password");
header("location:login_success.php");
}
else {
echo "Wrong Email or Password. Please Wait.<meta http-equiv='REFRESH' content='1;url=login.php'>";
}
?>
spencer

4 Answers

1

Firstly, check out this question and this post on how to store passwords in the database.

As for your question specifically, the process is

During registration>>
Plain text -> Hash Function -> Hashed Password

During login>>
Plain text password entered by user -> Hashed password -> Check against stored hash

Hope this helps!

Community
Sukumar
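The registration and login flow from the answer above, as an added example that is not part of the original thread. It assumes PHP 7+ with PDO and an in-memory SQLite table in place of the question's mysql_* calls and MySQL database, and it swaps in password_hash()/password_verify() for sha1(); the function names and sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: an in-memory
// SQLite table stands in for the "users" table, and password_hash() /
// password_verify() replace sha1(). All names here are hypothetical.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (Email TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $pdo;
}

// Registration: plain text -> hash function -> hashed password (stored).
function register_user(PDO $pdo, string $email, string $plain): void {
    $hash = password_hash($plain, PASSWORD_DEFAULT); // salted, slow hash
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (Email, password) VALUES (?, ?)');
    $stmt->execute([$email, $hash]);
}

// Login: fetch the stored hash by e-mail only, then check the submitted
// password against it in PHP. A salted hash cannot be recomputed and
// matched inside the WHERE clause the way the question's query tries to.
function check_login(PDO $pdo, string $email, string $plain): bool {
    $stmt = $pdo->prepare('SELECT password FROM users WHERE Email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        // Unknown e-mail: still run one verification so both failure
        // paths do comparable work, then reject.
        password_verify($plain, DUMMY_HASH);
        return false;
    }
    return password_verify($plain, $stored);
}

// Constructed sample data; the quote in the address needs no escaping.
$pdo = open_db();
register_user($pdo, "o'brien@example.com", 'correct horse battery');
var_dump(check_login($pdo, "o'brien@example.com", 'correct horse battery'));
var_dump(check_login($pdo, "o'brien@example.com", 'wrong password'));
var_dump(check_login($pdo, 'nobody@example.com', 'anything'));
```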
0

If you store the encrypted password in your database (which you should, even though hashing with md5 or sha1 would be more secure), then you just encrypt it and select the user account with the encrypted password.

$encPass = encrypt($_POST['password'], $key);
$sql = "SELECT * FROM $tbl_name WHERE Email='"
    . mysql_real_escape_string($_POST['email'])
    . "' AND password = '"
    . mysql_real_escape_string($encPass) . "'";

Also make sure to escape all inputs when using them in an SQL query - otherwise your app is open to SQL injection attacks.

cweiske
  • I'm sorry, but I am very much a beginner. How would I go about doing this? Sorry – spencer Jul 04 '11 at 07:34
  • Thank you, so I would put this instead of: function encrypt($Password, $key) { $result = ''; for($i=1; $i<=strlen($Password); $i++) { $char = substr($Password, $i-1, 1); $keychar = substr($key, ($i % strlen($key))-1, 1); $char = chr(ord($char)+ord($keychar)); $result.=$char; } return asc2hex($result); } $sql="SELECT * FROM $tbl_name WHERE Email='$Email' AND password ='$Password'"; $result=mysql_query($sql, $link) or die ('Unable to run query:'.mysql_error()); – spencer Jul 04 '11 at 07:38
0

If I've understood your question correctly, I think what you're looking for is something like this:

$Password = encrypt($_POST['Password'], $key);

Then, in your SQL query, $Password will contain the encrypted version and will match the encrypted password in the database.

However, it may be easier to forget about your custom encrypt function and use a built-in PHP hash function, such as sha1.

James Allardice
  • @spencer - All you have done is copy the function signature from the documentation! You need to actually call the function: `$Password = sha1($Password);` – James Allardice Jul 04 '11 at 08:09
  • Haha, that totally sounds like something I would do. Thanks, I fixed it (you fixed it) haha – spencer Jul 04 '11 at 08:13
-1

You can use the md5 hash, which is supported by PHP.

http://php.net/manual/en/function.md5.php

md5 hash the password when the user registers and then compare it every time the user tries to log in.

If you are passing your password over the HTTP protocol, then md5 it on the client side using JavaScript so that it will be safer.

js md5: http://pajhome.org.uk/crypt/md5/

Sandeep Manne