0

I think the below code will do the password If I can figure out how to direct this program to the the main program if the password is correct. Can someone help me with the link, please?

<?php
mysql_connect(localhost,root,"");
mysql_select_db(entrydb) or die( "Unable to select database");
if(!empty($_POST["submit"]))
{
 $password = $_POST['password'];
$expdate = $_POST['expdate'];
$query="SELECT password, expdate FROM entrydata Where password='$password'";
$result=mysql_query($query);
if(mysql_num_rows($result))
{
  echo "<form action='#' method='post'>";
       
  echo "</form>";
}
  else{echo "Access denied<br />";}
 }
?>
<form method="post" action="#"><br />
 <input type="text" name="password"/><p>
<input type="submit" name="submit" value="enter password"/>
</form>

Edited by ckdoublenecks: n/a

2
Contributors
4
Replies
5
Views
7 Years
Discussion Span
Last Post by ckdoublenecks
0

I don't follow. What do you want to do? Is this your code?

0

Yes, this is my code. I'm trying to use this code to compare to the password from a database and reject if input doesn't match and go to my main page if it does. It works but I can't find how to link to the main page. Basically I'm trying to password protect the system (localhost)I've developed. Then I'm hoping to learn how to use the exp date from the database to compare to the system date. I'm sure there are better ways but this is what I came up with??

0

My quick and dirty solution (pseudocode):

1. get password from input and current date from date(xxx), where xxx is the format used in your db, so that you can compare them easily;
2. your password in the db should be 'hashed and salted', so you need to hash and salt the password input for comparison.
3. use one mysql query where you check for the 'user_id' AND the 'hashed_password' AND the 'exp_date'.
4. if you receive no results, e.g. mysql_num_rows($query) == 0, then you know there's a problem.

You can tart this up substantially, but that's my usual method. NOTE - hashing + salting a password means that the original password is no longer available for retrieval. If an user loses the pw, am email should be sent to their address with a confirmation querystring. If the user follows the link - a new pw is generated and sent to the same email address. Otherwise, nothing happens - this is to prevent malicious 'reset my password' problems.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.