Hi,
I have stored username and password into a database under mySQL. I inserted the password as "password('passwd')".
The following is my php code:
if($loginname=="" || $password=="") {
include($invalidlogin_page);
exit;
}
else
{
@ $db=mysql_pconnect("localhost","username","password");
if(!$db)
{
echo 'Cannot connect to database.';
exit;
}
$db=mysql_select_db('db');
if(!$db)
{
echo "Cannot select database";
exit;
}
$query="select count(*) from login_info where name='$loginname' and pass='$password'";
$result = mysql_query($query);
if(!result)
{
echo "Cannot run query.";
exit;
}
//Get number of rows in $result. 0 if invalid, 1 if valid.
$count = mysql_result($result,0,0);
if ($count > 0) {
header("Location $PHP_SELF?COOKIE_SET = 1");
?>
<p><center><a href="index2.html">Click Test Page</a></center></p>
<p><center><a href="welcome2.php">Click Welcome</a></center>
<?
exit;
}
else {
include($invalidlogin_page);
exit;
}
}
?>
Ok, sorry about the messed up code, my problem is that when I type in the correct username and the password from a php page, it still redirects me to the invalidlogin.html
However, if i store the information as regular string, it has no problem logging in. It only happens to the ones that has password encrypted by password() function. Maybe I am just using password() function in a wrong case. If so, I want to know how can I secure the password that's stored in the database, but still able to allow me to check to see if the log in username and password is in the database.
Thanks in advance.
Lily
