Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 2 FirstFirst 12
Results 16 to 19 of 19
  1. #16
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    I went about it differently and solved it myself, thanks for not helping me, you don't have to do anything with gpc_magic_quotes.

    PHP Code:
    <?php
    //processlogin.php

    session_start();
    require(
    'config.php');


    $username $_POST['username'];
    $password $_POST['password'];


    $username stripslashes($username);
    $password stripslashes($password);

    $sql "select * from users where username = '$username' and password = '$password' ";
    $result mysql_query($sql) or die ( mysql_error() );
    $count mysql_num_rows($result);


    if (
    $count == 1) {
         
    $_SESSION['loggedIn'] = "true";
         
    $_SESSION['username'] = $row['username'];
         
    header("Location: welcome.php");
    } else {
         
    $_SESSION['loggedIn'] = "false";
         
    header("Location: error.php");
    }

    ?>

  2. #17
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    I didn't suggest you *had* to do anything with them at all.
    As I pointed out, more than once, that was to correct the badly implemented code you had. You never did provide the answer for the question which I could have helped you with.

    This is wrong:
    PHP Code:
    $username $_POST['username'];
    $password $_POST['password'];


    $username stripslashes($username);
    $password stripslashes($password); 
    You stripslash ONLY where magic_quotes_gpc has been enabled on the environment.

    You are also missing your mysql_real_escape_string calls.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  3. #18
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    I didn't suggest you *had* to do anything with them at all.
    As I pointed out, more than once, that was to correct the badly implemented code you had. You never did provide the answer for the question which I could have helped you with.

    This is wrong:
    PHP Code:
    $username $_POST['username'];
    $password $_POST['password'];


    $username stripslashes($username);
    $password stripslashes($password); 
    You stripslash ONLY where magic_quotes_gpc has been enabled on the environment.

    You are also missing your mysql_real_escape_string calls.
    Thanks Fou-Lu, sorry for misunderstanding you. How would I go about incorporting a salted md5 function into the signup and login?

  4. #19
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    PHP Code:
    <?php
    //processlogin.php

    session_start();
    require(
    'config.php');


    $username $_POST['username'];


    $username stripslashes($username);
    $password sha1($_POST['password']);
    $sql "SELECT * FROM users WHERE username = '" $username .
        
    "' AND password = '" $password "'";
    $result mysql_query($sql) or die ( mysql_error() );
    $row mysql_fetch_row($result);
    $count mysql_num_rows($result);

    if (
    $count == 1) {
         
    $_SESSION['loggedIn'] = "true";
         
    $_SESSION['username'] = $row['username'];
          
    $_SESSION['email'] = $row['email'];
         
    header("Location: welcome.php");
    } else {
         
    $_SESSION['loggedIn'] = "false";
         
    header("Location: error.php");
    }

    ?>
    This is what I've tried but it isnt working.


 
Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •