Did you try print $query to ensure it contained what you expected?
-Original Message-
From: Hawk [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: [PHP] encrypting passwords, how to decrypt?
Ok, even if I don't need encryption I thought I might go ahead and try to
learn it, and as I said in the previous post I managed to get it working
everywhere but on the login script
first I have a form that sends username and password to login.php, in that
file I have something like this
?
$the host user pswd and db vars
mysql_connect($host, $user, $pswd);
mysql_select_db($db);
$query = SELECT * FROM users WHERE username='$username' and
password='$password';
$result = mysql_query($query);
$num = mysql_num_rows($result);
if ( $num != NULL ) {
session_start();
session_register(admin_allow);
$admin_allow = mytopsecretpassword;
header(location: admin/index.php);
}
else { header(location: admin.php); }
?
I know it looks messy, and I removed some stuff to make it smaller to post,
but when I use non encrypted passwords this works fine, my problem is that I
don't know how to to do read a encrypted password in the $query, or if I
need to do it in some other way(been trying a few different this far)
I tried with
$query = SELECT * FROM users WHERE username='$username' and
password=password('$password');
but that made $num = 0, and the login fail
I'm getting really tired (from sleeping to little..) and that might have
reduced my thinking even more than usual, but what am I doing wrong ? :P
Hawk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]