0

Hello

I have been researching many sites regarding encryption, and I am a bit lost. I can crypt() the password with $salt, but when I go to log in and compare the passwords it keeps taking me back to the login. I have taken out all the encryption code, but below is what I have.

processadduser.php

<?php

session_start();
require "connect.php";

$firstname = $_GET['firstname'];
$surname = $_GET['surname'];
$username = $_GET['username'];
$password = $_GET['password'];
$userlevel = $_GET['userlevel'];


$query = "insert into clergyid values(0,
'".$firstname."',
'".$surname."',
'".$username."',
'".$password."',
'".$userlevel."')";

$result = mysql_query($query, $connection)
or die ("Unable to perform query" . mysql_error());

header("Location: listusers.php");

?>

logincheck.php

<?php
	session_start();
	require "connect.php";
	$username = $_GET['username'];
	$password = $_GET['password'];
	$query = "select * from clergyid where Username ='".$username."' and Password ='".$password."'";
	$result = mysql_query($query, $connection)
	or die ("Unable to perform query<br>$query");
	$row = mysql_fetch_array($result);

	if ($row != null) {
	$_SESSION['username'] = $row['Username'];
	$_SESSION['password']= $row['Password'];
	$_SESSION['userlevel'] = $row['UserLevel']; // store the value of user level
	$_SESSION['firstname'] = $row['FirstName'];
	$_SESSION['lastname'] = $row['LastName'];
	if($_SESSION['userlevel'] == 'admin') {header ("Location: admin.php");} //redirect to admin.php if the user is admin
	else {header ("Location: index.php");} // redirect to  main page if the user is registered user
	exit();
	}

	else{
	$message = "Invalid username or password please try again!";
	header ("Location: login.php? message=$message");
	exit();
	}
?>

I basically need help with how I can encrypt the password and then, once it's been encrypted, compare that to the password entered on the login form.

Any help will be much appreciated

Please can someone help

Regards
Chris

0

First: you need to make sure that the password in the database is stored in encrypted form. If not, clear it and add the encrypted form through the use of the sha1 function, as an example, or md5 will work just fine.
For example:

<?php
$password = sha1($_POST['password']);

$sql = "UPDATE users SET password = '{$password}' WHERE id = 1 ";
$query = mysql_query($sql) or die(mysql_error());

?>

Or you can echo the variable $password and copy and paste it into phpMyAdmin.

The Login Action

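<?php
// Assumes a database connection is already open (e.g. via connect.php)
session_start(); // needed before $_SESSION values can be stored

// Escape the username before placing it in the SQL string
$username = mysql_real_escape_string($_POST['username']);
// sha1() returns only hex characters, so it is safe to embed as-is
$password = sha1($_POST['password']);

$sql = "SELECT * FROM users WHERE username = '{$username}' AND password = '{$password}'";

$query = mysql_query($sql) or die (mysql_error());

if (mysql_num_rows($query) == 1){
    $row = mysql_fetch_array($query);
    $_SESSION['username'] = $row['username'];
    $_SESSION['userlevel'] = $row['userlevel'];
    if ($_SESSION['userlevel'] == 'admin') { header("Location: admin.php");}
    else {
        header("Location: index.php");
    }
    exit(); // stop the script once the redirect header is sent
}
?>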

Hope that makes it clear for you.
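
An added example, not part of the original posts: the question's salted-hash case, where the stored value cannot be matched in the WHERE clause and has to be fetched by username and then verified. It assumes PHP 5.5 or later with the pdo_sqlite extension; the in-memory database, the reduced clergyid columns, the sample users and the add_user/check_login helper names are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP >= 5.5 with pdo_sqlite;
// the in-memory table and the sample rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clergyid (
    Username TEXT PRIMARY KEY, Password TEXT NOT NULL, UserLevel TEXT NOT NULL)');

// Registration: store only the salted hash. password_hash() picks a random
// salt on every call and embeds it, with the algorithm and cost, in its output.
function add_user(PDO $db, $username, $password, $userlevel) {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO clergyid VALUES (?, ?, ?)');
    $stmt->execute(array($username, $hash, $userlevel));
}

// Login: look the row up by username only, then let password_verify()
// re-hash the submitted password using the salt stored in that row.
function check_login(PDO $db, $username, $password) {
    $stmt = $db->prepare(
        'SELECT Username, Password, UserLevel FROM clergyid WHERE Username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null; // same answer for an unknown user and a wrong password
    }
    return array('username' => $row['Username'], 'userlevel' => $row['UserLevel']);
}

add_user($db, 'chris', 'correct horse', 'admin'); // constructed sample data
add_user($db, 'guest', 'correct horse', 'user');

// Both users share a password, yet the stored hashes differ because the salts
// differ. A hash computed at login therefore never equals the stored one,
// which is why "AND Password = '...'" in the query cannot work with a salt.
$hashes = $db->query('SELECT Password FROM clergyid')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] === $hashes[1]);

// Correct password, then a wrong one.
var_dump(check_login($db, 'chris', 'correct horse'));
var_dump(check_login($db, 'chris', 'wrong'));

// Quote characters in the username are bound as data, not parsed as SQL.
var_dump(check_login($db, "x' OR '1'='1", 'correct horse'));
```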

0

Thank you so much, that has solved my problem. You are a lifesaver. Such a simple solution, but I couldn't work it out.
