varchar
[Resolved] md5 and login problem/register
so anyone know whats wrong?
wow thats weird, I think seriously think is because of the form field in the register section is set to password. and I tried your script with the form field set as regular and insert it it didnt encrpyt it, so I guess mysql has its own little functions
Does it work if you use TEXT rather than varchar?
Text works, but i do want it encrypted with md5, i was just confused because i hadnt added it... anyways, my problem now is when i try to login, it accepts any password you enter. it always says Thank you for logging in. it never denies.
i have built a login script for a book for Wrox i was writing before they went bankrupt, if you want to check it out, email me at jcstolz@msn.com
well, I'm not sure about the mysterious md5 hash.
Why dont you calculate the hash of a test password, register a test user with this test password, then compare the stored data?
There could well be some other reason for this strange behaviour.
I might suspect that somehow the $passwd variable is predefined in your server or something.
Storing the username and password as VARCHAR is fine, you shouldnt use TEXT.
Also, I would recommend that you use $_POST[] array to access the variables submitted by your form, and to ensure that quotes do not potentially allow SQL injection in your queries.
any thoughts on why it accepts any password i use to log in?
and i'm using varchar now for the passwd, and its not encrypting it. wierd...
okay... that's good.
now start placing checks.
output the password (the one sent during login) at various points.
check the password of your current test account(s).
the login works perfectly. but how do i "kill" a cookie if the user logs in incorrectly, or just types in a wrong password?
and.. how would i go about making a "logout" function
Read the PHP manual on the setcookie() function.
Actually, in your login script logic, you might want to change it such that cookies are set only on a successful login.
so something like....
if($affected_rows == 1)
{
setcookie("username", $username);
setcookie("passwd", $passwd);
}
also, i have this login script in the middle of the page, and it gives me this header error, how can i fix it?
Warning: Cannot modify header information - headers already sent by (output started at C:\Documents and Settings\Administrator\Desktop\HazardNet\login\login.php:12) in C:\Documents and Settings\Administrator\Desktop\HazardNet\login\login.php on line 443
edit #3:
GREEEATT, i found another error. when i try to register a second name, it says the one i registered first is taken...
example:
1) i register the name Blade
2) login, works (to an extent)
3) i register the name Test
4) login, "Blade is taken, please try again"
dont use $username straight away
use $POST['username'] or $username = $POST['username']
likewise access cookies using $_COOKIE['username']
i don't know if anyone solve the current problem, but anyway i will help in also.
if you want to delete the cookie then set cookie to 0 value, which will make the cookie value to false.
dont use username straight away
use $POST['username'] or $username = $POST['username']
make sure your register_globals is off in your php.ini file.
you can also trun this off by using ini_alter() or ini_set() function.
ex:
// This is for security resons and can make your script more safers then it is.
ini_alter('register_globals', false);
first,
don't run this mysql_connect() when your script haven't decide whether to query or not.
second,
mysql_select_db('Hazardnet', $connection) or die(mysql_error());
you don't need explicitly insert the $connection once you have connected to database.
enough with mysql_select_db( 'Hazardnet' ); because mysql will open up the last link identifier. <= follow me unless you are using more than 1 database server.
third,
please trim the input when you want to use it as ID ... and check if they want to have ID like "jimson chang"...
fourth,
consider to use md5 javascript which can enchance your login process at least the id and password not transmitted in a very raw method.
fifth,
the problem you can log on with any password because the cookie problem. Once you have log on, any other attempt to log on will result true. You didn't clear the cookie after successfull log on. So, when you try to register again using other name, the script read your current ID....
sixth,
check php.ini file and do the following...
register_globals = off
when i turn globals off, my other scripts are messed up, i dont want to redo them... :\
you like your old style soo much... then...
ok..
i can't do anything...
i want to help you...
but you see....
if you stick with globals = on, you won't grow...
jimsom, give him a break, just because he was used to the old
register_globals, doesn't mean he won't grow, it just means that he may have more problems in the future, even if register_globals is on, you can still code as if it were off and still have the same effect as if it were off, so if he is doing new scripts, he will be fine
yup,.
maybe i got to change my tune...
Mark... go ahead with globals on... it is good a practice...
don't redo your script because it will waste your time...
stick with globals on because it will make programming easier... to develop ...
tired liao...
i'm dont exactly understand the new stuff. why did they change it, and how is it better?