iStriide Posted August 4, 2010 Share Posted August 4, 2010 mysql_connect('', '', ''); mysql_select_db(''); if (isset($_POST['submit'])) { $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); $sql = "SELECT id FROM login WHERE username = '$user' && `password` = MD5('$pass')"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { // $user & $pass are valid echo "You Logged In $user"; } else { // $user || $pass invalid echo "Invalid Login"; } } } Quote Link to comment Share on other sites More sharing options...
marcus Posted August 4, 2010 Share Posted August 4, 2010 1. Don't bother using any protection on your password since you're encrypting the entire string. $user = mysql_real_escape_string($_POST['user']); $pass = md5($_POST['pass']); $sql = "SELECT id FROM `login` WHERE `username`='".$user."' AND `password`='".$pass."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res)){ // logged in }else { //invalid user/pass } How are you keeping the user logged in? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.