Hi I am fairly new to php scripting and am building a e-commerce solution for my dissertation. One problem I am facing is the log-in system password encryption, im using a tutorial I found on the net but It is not working. The code is as follows:
function doLogin()
{
// if we found an error save the error message in this variable
$errorMessage = '';
$userName = $_POST['txtUserName'];
$password = $_POST['txtPassword'];
// first, make sure the username & password are not empty
if ($userName == '') {
$errorMessage = 'You must enter your username';
} else if ($password == '') {
$errorMessage = 'You must enter the password';
} else {
// check the database and see if the username and password combo do match
$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND user_password = PASSWORD('$password')"
$result = dbQuery($sql);
Allthough I know the username and password is the same the dialog box refuses to log me in. When i change the script to
user_password = '$password'"
and edited the sql with a password to match but this is obviously a plain text password and I need to add levels of security. Is their a configuration im missing in my php or mysql? Any advice will be appreciated!
