i searched every where and also tried the code given in the forums but still i m unable to use the code i don't know what i m doing wrong in the code ... i m very thankfull if anybody can help my code for inserting password in database if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) { $pass = $_POST['hhh']; $epass = password_hash('$pass',PASSWORD_DEFAULT); $insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)", GetSQLValueString($epass, "text"), GetSQLValueString($_POST['hh'], "text")); mysql_select_db($database_infinityo, $infinityo); $Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error()); } and now my code for log in...which is not working...! if (isset($_POST['un'])) { $loginUsername=$_POST['un']; $password=$_POST['pass']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "Untitled-1.php?u=s"; $MM_redirectLoginFailed = "Untitled-1.php?u=f"; $MM_redirecttoReferrer = false; mysql_select_db($database_infinityo, $infinityo); $lpass = password_verify('$password', $row_p['pass']); $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text")); $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } i have also tried this code but stlii nothing happening ... if (isset($_POST['un'])) { $loginUsername=$_POST['un']; $password=$_POST['pass']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "Untitled-1.php?u=s"; $MM_redirectLoginFailed = "Untitled-1.php?u=f"; $MM_redirecttoReferrer = false; mysql_select_db($database_infinityo, $infinityo); $lpass = password_verify('$password', $row_p['pass']); $LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text")); $LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); $row = mysql_fetch_assoc($LoginRS); $stored_password = $row['password']; if(password_verify($_POST['password_input'], $stored_password)) { if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } } else { header("Location: ". $MM_redirectLoginFailed ); } } i don't know here what i m doing wrong....password security is imp for my site , and if u have any better suggestions for security pls,i ll be very thankfull to u.
... View more