Hi,
i have this problem with my login authentication. it cannot match the password from the database table field password to the input password in the login form.
I used the md5 encryption.Please help me solve this...
The Index page:
<?php
session_start();
$page = 'index';
include_once('inc/inc.header.php');
$m = $_GET['module'];
include_once('inc/inc.menu.php');
echo '<div>';
switch($m){
case "login":
include_once('mod/authenticate.php');
break;
case "logout":
include_once('lib/logoff.php');
break;
default:
echo 'Log in first...';
}
echo '</div>';
include_once('inc/inc.footer.php');
?>
The Authenticate page:
<?php
session_start();
$page='authenticate';
include_once('inc/inc.config.db.auth.php');
include_once('lib/functions.php');
$error = 0;
echo 'User Authentication';
if (isset($_POST['submit'])){
$usernm = $_POST['username'];
$passwd = $_POST['password'];
// not full proof but an extra layer of protection from external posting
if ((left($_SERVER['HTTP_REFERER'],7,5)) == (left('['HTTP_HOST'],7,5))) {
// step 1: check if user exists
$User = CheckUser($usernm, $passwd);
}
else {
// redirect
$error = 1;
session_destroy();
}
}
?>
<form name="frmLogin" method="post" action="<? $PHP_SELF; ?>">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="passwd"></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
*** the function CheckUser i used
function CheckUser($usernm, $passwd){
/* Verify if user exist in the database */
$query1 = "Select username,password from users where username = '$usernm'" ;
$query = mssql_query($query1);
/* Retrieve password */
$fetch = mssql_fetch_array($query);
/* Validate if password is correct*/
$passen = md5($pass);
if ($fetch['password']==$passen){
echo "password match";
}
/*else{
echo '<br><strong>'."Invalid Username and Password".'</strong>';
} */
}
i have this problem with my login authentication. it cannot match the password from the database table field password to the input password in the login form.
I used the md5 encryption.Please help me solve this...
The Index page:
<?php
session_start();
$page = 'index';
include_once('inc/inc.header.php');
$m = $_GET['module'];
include_once('inc/inc.menu.php');
echo '<div>';
switch($m){
case "login":
include_once('mod/authenticate.php');
break;
case "logout":
include_once('lib/logoff.php');
break;
default:
echo 'Log in first...';
}
echo '</div>';
include_once('inc/inc.footer.php');
?>
The Authenticate page:
<?php
session_start();
$page='authenticate';
include_once('inc/inc.config.db.auth.php');
include_once('lib/functions.php');
$error = 0;
echo 'User Authentication';
if (isset($_POST['submit'])){
$usernm = $_POST['username'];
$passwd = $_POST['password'];
// not full proof but an extra layer of protection from external posting
if ((left($_SERVER['HTTP_REFERER'],7,5)) == (left('['HTTP_HOST'],7,5))) {
// step 1: check if user exists
$User = CheckUser($usernm, $passwd);
}
else {
// redirect
$error = 1;
session_destroy();
}
}
?>
<form name="frmLogin" method="post" action="<? $PHP_SELF; ?>">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="passwd"></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
*** the function CheckUser i used
function CheckUser($usernm, $passwd){
/* Verify if user exist in the database */
$query1 = "Select username,password from users where username = '$usernm'" ;
$query = mssql_query($query1);
/* Retrieve password */
$fetch = mssql_fetch_array($query);
/* Validate if password is correct*/
$passen = md5($pass);
if ($fetch['password']==$passen){
echo "password match";
}
/*else{
echo '<br><strong>'."Invalid Username and Password".'</strong>';
} */
}