I have a script (not my work), but it encrypts the password, so when I go to log in it says invalid password. This is the code which inserts the password:

```php
// Add the user.
$query = "INSERT INTO exchange (name, username, password, email, parkname, parklocation, caravandetails) VALUES ('$n', '$u', SHA('$p'), '$e', '$pn', '$pl', '$c')";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

if (mysql_affected_rows() == 1) { // If it ran OK.
```

And this is my login script:

```php
// simple login script
// filename: login.php
$form = '
<p align="center" class="bodytext">
Members Login<br>
<form action="login.php" method="post">
Username:<input type="name" name="username">
Password:<input type="password" name="password">
<input type="submit" name="submit" value="submit this">
</form>
';

if(isset($_POST['submit'])){
    $hm = authenticate($_POST['username'], $_POST['password']);
    $hm2 = mysql_num_rows($hm);
    if($hm2 > 0){
        echo "You have successfully Logged in! You will be redirected in three seconds!><br /><br /> <div class='info'>If you don't wish to wait, <a href='members_area.php'>click here</a>";
        echo'<meta http-equiv="REFRESH" content="3;url=members_area.php">';
    }else{
        echo "username / password not valid<br>";
        echo $form;
    }
}else{
    echo $form;
}

function authenticate($username, $password){
    $request = "SELECT * FROM exchange WHERE password='$password' AND username='$username'";
    // Pass the request to the mysql connection,
    $results = query_db($request);
    // if mysql returns any number of rows greater than 0 there is a match
    return $results;
}
```

What do I have to do?

Many thanks,
Doug

In your authenticate function you seem to be taking the password that the user gave and trying to find that password in the database, but you've already said that they're encrypted, so they're not going to match.

Try replacing:

```php
$request = "SELECT * FROM exchange WHERE password='$password' AND username='$username'";
```

with:

```php
$request = "SELECT * FROM exchange WHERE password=SHA('$password') AND username='$username'";
```

That way you should be comparing the encrypted passwords with the encrypted user input.

The password is in hashed form in the DB, yet you are trying to compare a raw password from the form to the hashed one. So, you have to hash the password given in the login form and compare that to the one in the database.

So your new authentication SQL query would be:

```php
$request = "SELECT * FROM exchange WHERE password=SHA('$password') AND username='$username'";
```

Um... TwistMyArm beat me to replying, hence our similar posts.
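
Added example, not code from the thread or from any poster: the mismatch in the question and the fix from the replies, side by side, with the lookup done through a bound parameter. Assumptions: an in-memory SQLite table via PDO stands in for the MySQL `exchange` table, hashing is done with PHP's `sha1()` (same 40-character hex digest as MySQL's `SHA()`) instead of inside the query, and the account, password and function names are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite (assumption) replaces the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE exchange (username TEXT PRIMARY KEY, password TEXT)');

// Registration as in the thread: SHA('$p') stores the hex SHA-1 digest.
// Constructed sample account.
$ins = $db->prepare('INSERT INTO exchange (username, password) VALUES (?, ?)');
$ins->execute(['doug', sha1('caravan123')]);

// Fetch the stored digest with a bound parameter, so form input is passed
// as data and never becomes part of the SQL text.
function stored_hash(PDO $db, string $username): ?string
{
    $stmt = $db->prepare('SELECT password FROM exchange WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash === false ? null : (string) $hash;
}

// Login logic from the question: the raw form password is compared with
// the stored digest, so a correct password is rejected.
function authenticate_raw(PDO $db, string $username, string $password): bool
{
    $hash = stored_hash($db, $username);
    return $hash !== null && hash_equals($hash, $password);
}

// Fix from the replies: hash the submitted password, then compare digests.
// hash_equals() does the comparison in constant time.
function authenticate_hashed(PDO $db, string $username, string $password): bool
{
    $hash = stored_hash($db, $username);
    return $hash !== null && hash_equals($hash, sha1($password));
}

// Correct password against both versions, then a wrong password.
var_dump(authenticate_raw($db, 'doug', 'caravan123'));
var_dump(authenticate_hashed($db, 'doug', 'caravan123'));
var_dump(authenticate_hashed($db, 'doug', 'wrong'));

// For new tables, PHP's built-in password_hash() / password_verify()
// provide salted hashes and would replace sha1() here.
```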