OK,
I have a login page and a Create New User page(using Dreamweaver MX and some personal modifications) created which uses the MySQL password() function to encrypt the password field of my databases. It works, the password field is encrypted.
Now I am having problems with the login page. I have to use the PASSWORD() function a certain way to get the page to allow a login, otherwise it will not let any user in...the problem is that it behaves as if the password doesn't even exist. So long as the username is correct, it will allow access to the site without even entering the correct password or leaving the field blank.
Most of my code is below. Would appreciate anyhelp if anyone has experienced this before. Thanks.
<?php
$myUsername_rsLogin = "0";
if (isset($HTTP_POST_VARS['username'])) {
$myUsername_rsLogin = (get_magic_quotes_gpc()) ? $HTTP_POST_VARS['username'] : addslashes($HTTP_POST_VARS['username']);
}
$myPassword_rsLogin = "0";
if (isset($HTTP_POST_VARS['password'])) {
$myPassword_rsLogin = (get_magic_quotes_gpc()) ? $HTTP_POST_VARS['password'] : addslashes($HTTP_POST_VARS['password']);
}
mysql_select_db($database_Board, $Board);
// Verify Login is correct
$password=$HTTP_POST_VARS['password'];
$query_rsLogin = sprintf("SELECT username, password, access FROM users WHERE username= '%s' AND password = PASSWORD('$password'='%s')", $myUsername_rsLogin,$myPassword_rsLogin);
$rsLogin = mysql_query($query_rsLogin, $Board) or die(mysql_error());
$row_rsLogin = mysql_fetch_assoc($rsLogin);
$totalRows_rsLogin = mysql_num_rows($rsLogin);
?>
