Typical login script... user problem... :)

Hi everyone,

I am giving a shot at a typical login script, which plucks usernames,
passwords, and access levels from 2 databases. The passwords database uses
md5 encryption, I haven't much of a clue what I am doing with that though.

My real problem, if that's not it, lies with the verification. I try to log
in using a real account/password, and a fake account/password, and it
simply reloads the form without displaying any of the 'else' statements.
Any help would be appreciated.

Script is 'supposed' to function like this;
-> Collect form information.
-> Connects to database.
-> Sets $db_user as ID(TINYINT(6)) from database Users.
-> Sets $db_pass as Password(MD5(32)) from database Passwords.
-> Converts the $db_pass(Password from FORM) to MD5 hash.
-> Checks if password(MD5) from FORM matches password(MD5) from database.
-> -> If match get access level from Users & set some cookies.
-> -> If failed kick their asses ;)
-> Checks if access level matches either 1, 2, or 3 and displays relative
info.

Areas of concern for me are MD5, $GLOBALS, and PHP_SELF. (Are those
correct?)

<? if ($submit) {
	$db = mysql_connect("localhost", "dbname", "dbpassword");
	mysql_select_db("mydb", $db);

	$db_user = "
	SELECT ID FROM dbusers
	WHERE UserName = '$username'";

	$db_pass = "
	SELECT Password FROM dbpasswords
	WHERE ID = '$db_user'";

	$db_pass_temp = MD5('$db_pass');

	if ($password == $db_pass_temp) {
		$db_access = "
		SELECT Access FROM dbusers
		WHERE ID = '$db_user'";

		setcookie('user', $_POST['$db_user'], (time()+2592000), '/', '', 0);
		setcookie('access', $_POST['$db_access'], (time()+2592000), '/', '', 0);
		}
	else {
		echo "Password specified was incorrect.";
		}

	if ($db_access == "1") {
		echo "You are logged in as an Administrator.<BR>
		<A href='next.php'>Click here for options.</A>";
		}
	elseif ($db_access == "2") {
		echo "You are logged in as a Power User.<BR>
		<A href='next.php'>Click here for options.</A>";
		}
	elseif ($db_access == "3") {
		echo "Welcome to this place, you are logged in.<BR>
		<A href='next.php'>Click here for options.</A>";
		}
	}
?>
<FORM method="POST" action="<? echo $GLOBALS ['PHP_SELF'];?>">
	Name:<INPUT type="text" name="username" selected><BR>
	Password:<INPUT type="password" name="password"><BR>
	<INPUT type="submit" name="submit" value="Login">
</FORM>



Hartleigh Burton
www.channel-x.org



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
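
The flow listed in the post, as an added example that is not part of the original message: the lookup is actually executed with a bound parameter, and the password is checked with `password_verify()`. Assumptions: an in-memory SQLite database with constructed rows stands in for the poster's MySQL tables, the `Password` column holds a `password_hash()` value instead of MD5, and `check_login()` is a hypothetical helper name.

```php
<?php
// Added example: constructed in-memory SQLite data stands in for the
// poster's MySQL tables (dbusers, dbpasswords); column names follow the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dbusers (ID INTEGER PRIMARY KEY, UserName TEXT UNIQUE, Access INTEGER)');
$pdo->exec('CREATE TABLE dbpasswords (ID INTEGER PRIMARY KEY, Password TEXT)');

// Constructed sample account. Assumption: Password stores a salted, slow
// password_hash() value rather than the unsalted MD5 described in the post.
$pdo->prepare('INSERT INTO dbusers (ID, UserName, Access) VALUES (?, ?, ?)')
    ->execute([1, "o'brien", 2]);
$pdo->prepare('INSERT INTO dbpasswords (ID, Password) VALUES (?, ?)')
    ->execute([1, password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Hypothetical helper: returns the access level on success, null otherwise. */
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // The statement is executed, and the user-supplied name is bound as a
    // parameter instead of being interpolated into the SQL string.
    $stmt = $pdo->prepare(
        'SELECT u.Access, p.Password
           FROM dbusers u JOIN dbpasswords p ON p.ID = u.ID
          WHERE u.UserName = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password return the same result, so the
    // response does not reveal which of the two was wrong.
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return (int) $row['Access'];
}

// Access levels 1-3 as described in the post.
$labels = [1 => 'an Administrator', 2 => 'a Power User', 3 => 'a regular user'];
$attempts = [["o'brien", 'correct horse'], ["o'brien", 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$user, $pass]) {
    $level = check_login($pdo, $user, $pass);
    echo $level === null
        ? "Login failed.\n"
        : "You are logged in as {$labels[$level]}.\n";
}
```

In a web page, keep the returned level in `$_SESSION` (after `session_regenerate_id(true)`) rather than in an `access` cookie, since the client can edit cookie values.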