Here's the deal. I'm using a vbulletin message board and I just upgraded to the newest version which uses the md5 function on all passwords now. ..which screws up my simple little system I put together to protect various sections of my site using the username and password from vbulletin.
This is the script I've been using, which doesn't work anymore due to the new encryption (md5). It basically just sets a cookie if the username and password is good.
<?
if($cookie) { header("Location:http://www.wherever.com/page.php"); }
if($username && $password) {
if(mysql_connect("localhost","dbname","dbpassword")){
if($a = mysql("dbname","SELECT username,password from user where username='$username' and password='$password'")) {
$result = mysql_fetch_row($a);
if(($result[0] == "$username") && ($result[1] == "$password")) {
setcookie ("cookie" , "$username" , time()+216000);
header("Location:http://www.wherever.com/page.php");
}
else { $error1 = "Login Failed! Please try again."; }
}
}
else { $error1 = "Database connect failed"; }
}
?>
Can you point me in the right direction to decrypt the password (or whatever) before comparing it with the username? Thanks!
