Thread: PHP form password with MD5
View Single Post
Old 03-25-2009, 10:18 AM   #9 (permalink)
murdocsvan
murdocsvan's Avatar
 
Ultra Techie

Join Date: Jun 2007

Location: Surrey, UK

Posts: 849

murdocsvan is on a distinguished road
Default Re: PHP form password with MD5
EPIC WIN!!!

I got it to work!! =D=D=D

I used some of the code you gave me, and some stuff i found laying around the internet. I chose to use just sha1 instead of the salt method.

This is the login form:

Code:
<html>
<body>
<head>
<meta name="robots" content="noindex, nofollow" />
<meta name="robots" content="noarchive" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>

<body>

<table class="login">
	<tr>
		<td class="login">
			<form name="login" action="checklogin.php" method="post">
				Username: <input type="text" name="username" /><br />
				Password: <input type="password" name="password" /><br />
				<input type="submit" value="Submit" />
				<input type="reset" value="Reset" />
			</form>
		</td>
	</tr>
</table>


</body>
</html>
This is the login check page:

PHP Code:
<?php

$host="localhost"// Host name 
$sql_username="*****"// Mysql username 
$sql_password="*****"// Mysql password 
$db_name="*****"// Database name 
$tbl_name="******"// Table name 

//mysql Connect variable
$con mysql_connect("$host","$sql_username","$sql_password");

//if the mysql connect variable can't connect, die
if(!$con)
    {
    die('Could not connect: ' mysql_error());
    }

//Database select
mysql_select_db($db_name$con);

//Fetch username and password from previous form
$username=$_POST['username']; 
$password=$_POST['password']; 

//Protect against mysql Inject
$username stripslashes($username);
$password stripslashes($massword);
$username mysql_escape_string ($_POST['username']);
$password mysql_escape_string ($_POST['password']);

$password=sha1($password);

//Check that fields aren't left blank
if (!empty ($username) && !empty ($password))
    {        
    mysql_select_db("vmrgjdq_primary"$con);
    
    //select the data from the table and set it to a variable
    $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
    $result=mysql_query($sql,$con);
    
    //count number of rows in table
    $count=mysql_num_rows($result);

    if($count==1)
        {
        // Register $myusername, $mypassword and redirect to file "login_success.php"
        session_register("username");
        session_register("password"); 
        header("location:login_success.php");
        }
    else 
        {
        echo "Error: Wrong Username or Password";
        }
    }
else
    echo "Error: No username or password";
    
?>
and last but not least, the login_succesful page:

PHP Code:
<?php

session_start();

if(!session_is_registered(username))
    {
    header("location:main_login.php");
    }
    
?>
    
<html>
<head>
<title>Login Successful!/title>
<meta http-equiv="REFRESH" content="0;url=http://www.the-domain-you-want-to-redirect-to.com">
</head>

<body>
Login Successful!
<br /><br />
Redirecting to Admin page...
</body>
</html>
*weeps tear of joy*
__________________

Last edited by murdocsvan; 03-25-2009 at 11:28 AM.
murdocsvan is offline