Home/ Questions/Q 6213143
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T06:38:35+00:00

<form action=inc/login/login.php method=post id=userLogon> <div class=field required> Username: <input type=text name=regduser tabindex=1 /><br />

  • 0
<form action="inc/login/login.php" method="post" id="userLogon">
    <div class="field required">
        Username: <input type="text" name="regduser" tabindex="1" /><br />
        </div>
        <div class="field required">
        Password: <input type="password" name="regdpass" tabindex="2" /><br />
        </div>
        <input type="submit" name="submitUser" />
</form>

PHP

<?php
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="ureviewdu"; // Database name 
$tbl_name="Student"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['regduser']; 
$mypassword=$_POST['regdpass'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE uname='$myusername' and upass='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("regduser");
session_register("regdpass"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

DB Submission
img1

When I click submit for entering joe joe for user and pass. How do I get php to recognize joe for pass is actually ’55abd89cb7ab6742370f0ad912fef335′ ? How do i get php to be able to decipher this?

Anyone?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    SELECT * FROM $tbl_name WHERE uname='$myusername' and upass=MD5('$mypassword')

    However, I need to advise you to read the blog by fearless leader about using salted passwords and stronger hashing functions. Don’t implement weak security.

    If the password in the database is already salted, you need to combine the plaintext password with the same salt before hashing. Ideally, each user has its own unique random salt, stored in the same row with the uname and upass. Then you can do this:

    SELECT * FROM $tbl_name WHERE uname='$myusername' 
  AND upass=MD5(CONCAT(usalt, '$mypassword'))
    • 0