Re: [klug] Php Encryption in Mysql Database

Thu, 15 Mar 2007 01:44:22 -0800 

Salamat kaayo Camilord sa imong dubag bai test nako balay unya kay out naman
ko work ..

On 3/15/07, Camilo III Lozano <[EMAIL PROTECTED]> wrote:


<?php
session_start();

//mysql connection string [start]
$connect = mysql_connect("localhost","mysql_user","mysql_passwd") or die
(mysql_error());
mysql_select_db("DB_Name", $connect) or die (mysql_error());
//mysql connection string [end]

//mysql injection protection [start]
if(get_magic_quotes_gpc()) {
     $username = stripslashes( $_POST['username']);
     $userpass = md5(stripslashes( $_POST['userpass']));
} else {
     $username = $_POST['username'];
     $userpass = md5($_POST['userpass']);
}
//mysql injection protection [end]


$sql = "SELECT username FROM usertable WHERE username = '%s' AND password
= '%s'";
//query with query sanitizer [begin]
$result = *mysql*_query(sprintf($sql,
              mysql_real_escape_string($username),
              mysql_real_escape_string($userpass)));
//query with query sanitizer [end]

if (*mysql*_num_rows($result) > 1) {
     $_SESSION['username'] = "$username";
   $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
   // any other data needed *to* navigate the site or
   // *to* authenticate the user can be added here
   *in*clude "membersection.*php *";


} else {
     $error = "Log *in* failed";
   * in*clude "log*in_*form.*php*";

}
?>
================================================
i think wala nimo na include ang mysql connection string... kanang after
sa session_start();

hope sakto ni.. hhehehehee...

================================================
--
Camilo Lozano III
BS Information Management
Mobile #: 0916-3338326
Telephone #:
   Iligan City: (063) 221-1122
   Cagayan de Oro City: (088) 350-7211
http://www.metacatalyst.org
http://camilord.metacatalyst.org
http://www.zabyer.org
http://klug.metacatalyst.org/
http://forum.xu.edu.ph
http://forum.xu.edu.ph/linux/index.php (my linux knowledge)
-------
Got my Own Hacker Key:
v3sw3BHhw5ln2pr5OFPck3ma2u4MLw5XVm+5l5UCi5Ne4t3b5en5g5RaIs5MSr3p2
http://www.hackerkey.com

Registered Linux User: #439468

_________________________________________________
Kagay-Anon Linux Users' Group (KLUG) Mailing List
[email protected] (http://cdo.linux.org.ph)
Searchable Archives: http://archives.free.net.ph





--
Mr. Jarlo Nicholas L. Solde
" In God We Trust"

_________________________________________________
Kagay-Anon Linux Users' Group (KLUG) Mailing List
[email protected] (http://cdo.linux.org.ph)
Searchable Archives: http://archives.free.net.ph

Reply via email to