Solved

Having problom with my checklogin() function with encryption. can somebody help me out with fiksing my function?

Posted on 2006-10-27
4
172 Views
Last Modified: 2013-12-12
I get session destroy and a message that the username or password i incorect.
elseif($ok != 1){
            session_destroy();
            
            print '<p>Feil Brukernavn eller Passord, vennligst klikk tilbake og prøv igjen.</p><hr>';
            $html = search();
***********************Her is my function************************************
<?php
 function checkLogin(){
       
       
$_mysqlHost["host"] = "localhost";
$_mysqlUsername["username"] = "gonadn";
$_mysqlPassword["password"] = "adn0420";
$_mysqlDatabase["database"] = "wiki";


            if (!($db = mysql_connect('localhost','gonadn','adn0420'))){
                          die("Can't connect to mysql.");    
            }
            else{
                    if (!(mysql_select_db('wiki',$db)))  {
                            die("Can't connect to db.");
                          }
            }
//connet to the database



session_start();
            $ok = 0;                  
            $username = strip_tags(substr($_POST['username'],0,32));
            $password = strip_tags(substr($_POST['password'],0,32));
            
            $cleanpw = crypt(md5($password));
            
            $sql="SELECT * FROM wikiusers WHERE username = " .
                  "'". mysql_real_escape_string($username)."' " .
                  "and password='". mysql_real_escape_string($cleanpw)."'limit 1";
      
            $result = mysql_query($sql);
                        //we have a match!
                        //"username", "password"
                        if(($username == $_POST['username']) && ($password == md5($_POST['password']))) {
                        $_SESSION["username"]=$_POST['username'];
                        $_SESSION["password"]=$_POST['password'];
                        $ok = 1;
            
            }elseif($ok != 1){
            session_destroy();
            
            print '<p>Feil Brukernavn eller Passord, vennligst klikk tilbake og prøv igjen.</p><hr>';
            $html = search();
      }
      else
      {
            $status = '<p>Logget inn</p>';
            print '<p>logget inn</p>';
            // Auf Passwortkorrektheit prüfuen
      }
 
      
                  
            
 }
 


 

 
?>
0
Comment
Question by:Adnan
  • 2
4 Comments
 
LVL 2

Expert Comment

by:davidateuropol
ID: 17819872
Hi,

Did you already try to put the session_start(); as the first line of the complete file. I think I have had the same problem once.

Try that first and let me know where you get the error
0
 
LVL 12

Expert Comment

by:adrian_brooks
ID: 17825079
First thing I think I feel is my duty to bring to your attention is the fact that you supplied your entire database password and username in your post. This is asking for someone to just walk right into your database and have a field day. You might consider changing your database password now to say the least.

Secondly, by the looks of your code, you are attempting to use the session to track the state of a user's being logged in. Typically, I will just start a session right from the very beginning of the script so that all my session vars are available for me to access. Then, should I need to either kill the session mid script, I can issue the session_destroy() function as such.

You might consider using javascript and PHP together as a way to track your users login state as the session typically (by default at least, unless modified in the ini file) will always use cookies for session management between the client and the server.

~AB
0
 
LVL 12

Accepted Solution

by:
adrian_brooks earned 500 total points
ID: 17825086
Another recommendation I would like to offer would be the use of a seperate implementation of your database connection rather than inside of the script there. It makes for tighter security.

You can create a script that does all your basic database connectivity in it like you have it there, but then do an include of that seperate script in this file so that your database connection link resource variable is accessible to this file. What I have done was actually wrote my own database class and just include that class, calling the methods of that class locally, but creating the database object in this file while including the database password, server, username and db name in a globals include file. Now, everything is more extensible as well as globally available for use elsewhere.

~AB
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP installation issues 11 59
google map tracking website 5 22
000webhost.com default error log 1 26
Detect Closed Loops (circles, figure-8s, etc) in PNG Images 6 31
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question