I think the code below will do the password if I can figure out how to direct this program to the main program if the password is correct. Can someone help me with the link, please?

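<?php
// Connect to the local MySQL server and select the entrydb database.
// (The mysql_* functions were removed in PHP 7, so mysqli is used here.)
$db = mysqli_connect('localhost', 'root', '', 'entrydb') or die("Unable to select database");
if (!empty($_POST["submit"]))
{
    $password = $_POST['password'];
    // Bind the submitted password as a parameter instead of concatenating it into the SQL string.
    $stmt = mysqli_prepare($db, "SELECT password, expdate FROM entrydata WHERE password = ?");
    mysqli_stmt_bind_param($stmt, 's', $password);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt))
    {
        // The password matched a row in entrydata.
        echo "<form action='#' method='post'>";

        echo "</form>";
    }
    else
    {
        echo "Access denied<br />";
    }
}
?>
<form method="post" action="#"><br />
    <input type="text" name="password"/><p>
    <input type="submit" name="submit" value="enter password"/>
</form>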

All 4 Replies

Member Avatar for diafol

I don't follow. What do you want to do? Is this your code?

Yes, this is my code. I'm trying to use this code to compare to the password from a database and reject if input doesn't match and go to my main page if it does. It works but I can't find how to link to the main page. Basically I'm trying to password protect the system (localhost) I've developed. Then I'm hoping to learn how to use the exp date from the database to compare to the system date. I'm sure there are better ways but this is what I came up with??

Member Avatar for diafol

My quick and dirty solution (pseudocode):

1. get password from input and current date from date(xxx), where xxx is the format used in your db, so that you can compare them easily;
2. your password in the db should be 'hashed and salted', so you need to hash and salt the password input for comparison.
3. use one mysql query where you check for the 'user_id' AND the 'hashed_password' AND the 'exp_date'.
4. if you receive no results, e.g. mysql_num_rows($query) == 0, then you know there's a problem.

You can tart this up substantially, but that's my usual method. NOTE - hashing + salting a password means that the original password is no longer available for retrieval. If a user loses the pw, an email should be sent to their address with a confirmation querystring. If the user follows the link - a new pw is generated and sent to the same email address. Otherwise, nothing happens - this is to prevent malicious 'reset my password' problems.
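The four steps above as an added PHP example (not code from the thread or from either poster). The `users` table, its column names, the sample accounts and the `main.php` page name are assumptions, and in-memory SQLite stands in for MySQL so the script runs on its own. Because `password_hash()` uses a different random salt per password, the hash cannot be matched in the `WHERE` clause, so the query checks `user_id` and `exp_date` and `password_verify()` checks the hash afterwards.

```php
<?php
// Added example. Table, columns and accounts are constructed sample data;
// in-memory SQLite stands in for the MySQL database discussed in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id TEXT PRIMARY KEY, hashed_password TEXT, exp_date TEXT)');

// Registration side: password_hash() generates the salt and embeds it in the stored hash.
$insert = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), '2999-12-31']);
$insert->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), '2001-01-01']);

// Verified against when no row is found, so a missing or expired account
// takes about as long as a wrong password.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function check_login(PDO $pdo, string $userId, string $password, string $today): bool
{
    // Steps 1 and 3: one parameterised query checks user_id and exp_date together.
    $stmt = $pdo->prepare(
        'SELECT hashed_password FROM users WHERE user_id = ? AND exp_date >= ?'
    );
    $stmt->execute([$userId, $today]);
    $hash = $stmt->fetchColumn();   // false when no row matched (step 4)

    // Step 2: compare the input with the salted hash stored in the database.
    $matches = password_verify($password, $hash === false ? DUMMY_HASH : $hash);
    return $hash !== false && $matches;
}

// Same Y-m-d format as exp_date, so a plain string comparison orders dates correctly.
$today = date('Y-m-d');

var_dump(check_login($pdo, 'alice', 'correct horse', $today)); // valid, not expired
var_dump(check_login($pdo, 'alice', 'wrong password', $today)); // wrong password
var_dump(check_login($pdo, 'bob', 'hunter2', $today));          // right password, expired
var_dump(check_login($pdo, 'nobody', 'anything', $today));      // unknown user

// In a real login script, a successful check would be followed by:
//   session_start(); session_regenerate_id(true); $_SESSION['user_id'] = $userId;
//   header('Location: main.php'); exit;   // main.php is a hypothetical page name
// and main.php would refuse to render unless $_SESSION['user_id'] is set.
```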
