PHP/MySql login form with MD5 encription problems...

james_shaver

I've been trying to get this login form to work, but it's not recognizing my password in MySql. I know the password is right, I imported the sql tables from another site of my that I use this successfully at.

Any help would be greatly appreciated!

my config file:
http://scaboard.org/login_form/config.txt

my login form:
http://scaboard.org/login_form/login.txt

drawmack

I'll take a troll through your code it you post a version with windows line breaks.

james_shaver

Alright.....does this help?

my config file:
http://scaboard.org/login_form/config.htm

my login form:
http://scaboard.org/login_form/login.htm

drawmack

my guess would be it's this line
$sql = "SELECT * FROM staff WHERE adminname='$adminname' AND password='$encryptedpassword'";

what it the query that you use to store the password in your database?

my guess is that you've got to do one of the following things:

$sql = "SELECT * FROM staff WHERE adminname='$adminname' AND md5(password)=md5('$password')";
//or
$sql = "SELECT * FROM staff WHERE adminname='$adminname' AND password=md5('$password')";
//or
$sql = "SELECT * FROM staff WHERE adminname='$adminname' AND password=password('$password')";

also you should be running addslashes on $username and $password before putting them into a sql query to avoid injection.

james_shaver

This is the query I use:
<?php

} else {

$encryptedpassword = md5($password);

$sql = "INSERT INTO staff (adminname,access,password,language,template) VALUES ('$adminname','$new_access','$encryptedpassword','$default_language','$default_template')";

if ($adminname && $access && $password){ // CHECKS TO SEE IF REQUIRED FIELDS ARE FILLED IN

$result = mysql_query($sql);

I tried changing it to what you suggested without luck....