Hi, I want to verify that the user has entered the correct password on a register page by making him enter it twice. However, whether the passwords match or not, the same error comes up saying that they do not match. What am I doing wrong?

```php
if (isset($_POST['submit'])) {
    $username  = @mysql_escape_string($_POST['username']);
    $password  = @mysql_escape_string(sha1($_POST['password']));
    $vpassword = @$_POST['vpassword'];
    $email     = @mysql_escape_string($_POST['email']);

    if (@$_POST['password'] != @$_POST['vpassword']) {
        echo 'Your passwords do not match';
    } elseif (!empty($username) && !empty($password) && !empty($email)) {
        $query = mysql_query("INSERT INTO members (userid,username,password,email) VALUES ('0','".$username."','".$password."','".$email."')");
        echo "You are now registered!";
    } else {
        echo 'You must enter a username, a password, and an e-mail address!';
    }
} else {
    //echo form
}
```

You have encoded one password with sha1, and not the other one, thus making one sha1 encrypted and the other one not, therefore not matching.

Yup, that's correct. Also, you do not need to sanitize the password $_POST value (since it's sha1 encrypted), and it will cause someone to not be able to log in if they use a single quote etc. Though, you could remove the sha1() function from the post value, and just insert the sha1 encoded password into the database. Also, you should cut down/delete the @ symbol used; it slows down the script, since it's not needed.

Hmm, still does not work even after removing sha1, and I sanitized it so that ugly SQL error does not appear to the users.
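
Try this:

```php
error_reporting(0);

if (isset($_POST['submit'])) {
    $username  = mysql_real_escape_string($_POST['username']);
    $email     = mysql_real_escape_string($_POST['email']); // used by the check and the INSERT below
    $password  = $_POST['password'];
    $vpassword = $_POST['vpassword'];

    // All four fields are required
    if (!$username || !$password || !$vpassword || !$email) {
        exit('Please make sure you enter a username, password, verified password and email address.');
    }

    // Compare the two raw inputs before any hashing
    if ($password != $vpassword) {
        exit('Passwords do not match.');
    }

    // Hash in PHP so the raw password never becomes part of the SQL string
    $hash = sha1($password);
    mysql_query("INSERT INTO `members` (`username`, `password`, `email`) VALUES('$username', '$hash', '$email')");
}
```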

Here's the form if it helps:

```html
<form action="register.php" method="post">
  E-Mail: <input type="text" name="email"><br/>
  Username: <input type="text" name="username" /><br/>
  Password: <input type="password" name="password" /><br/>
  Confirm Password: <input type="password" name"vpassword" /><br/>
  <input type="submit" name="submit" value="Register" />
</form>
```
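
An added example, not code from any poster in the thread: a registration handler that compares the two raw password fields before hashing, stores a `password_hash()` value instead of bare `sha1()`, and uses bound parameters in place of escaping. It assumes PHP 7 or later with the PDO SQLite driver; `register_member()` and the in-memory database are hypothetical stand-ins, and the table and column names follow the posts above. The first constructed sample omits `vpassword`, which is what the server receives when the confirm field is written `name"vpassword"` without the `=`, as in the form above.

```php
<?php
// Added example: register_member() is a hypothetical helper, not code from the thread.
// Table and column names (members: username, password, email) follow the posts above.

function register_member(PDO $db, array $post): string
{
    // Read each field once; a field the browser did not send becomes ''.
    $username  = trim((string)($post['username'] ?? ''));
    $email     = trim((string)($post['email'] ?? ''));
    $password  = (string)($post['password'] ?? '');
    $vpassword = (string)($post['vpassword'] ?? '');

    if ($username === '' || $email === '' || $password === '' || $vpassword === '') {
        return 'Please enter a username, password, verified password and email address.';
    }
    // Compare the raw inputs with each other, before hashing or escaping either.
    // Strict comparison: with != numeric-looking strings ('1e3', '1000') compare equal.
    if ($password !== $vpassword) {
        return 'Passwords do not match.';
    }
    // Salted, slow hash instead of bare sha1(); check it at login with password_verify().
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Bound parameters keep quotes in any field out of the SQL text.
    $stmt = $db->prepare('INSERT INTO members (username, password, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $email]);
    return 'You are now registered!';
}

// Constructed demo: in-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (userid INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT)');

$base = ['username' => 'alice', 'email' => 'alice@example.com', 'password' => "pa'ss"];
$samples = [
    $base,                              // vpassword never submitted
    $base + ['vpassword' => 'pass'],    // typed differently the second time
    $base + ['vpassword' => "pa'ss"],   // matching, with a single quote in the password
];
foreach ($samples as $post) {
    echo register_member($db, $post), PHP_EOL;
}

// The stored value verifies against the original password, quote included.
$stored = $db->query('SELECT password FROM members')->fetchColumn();
var_dump(password_verify("pa'ss", $stored));
```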