Question
Help with md5
Hi, I have successfully added md5 to my membership join page
and the password is encrypted in my database table. However, it
does not go to the member page when successful. It adds all the
data that was filled out in the form into the database table and
then returns with the membership join page again but with the form
empty. Here is my script.
<?php require_once('Connections/member.php'); ?>
<?php
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="choose_another_username.php";
$loginUsername = $_POST['username'];
$LoginRS__query = "SELECT loginname FROM member WHERE loginname='" . $loginUsername . "'";
mysql_select_db($database_member, $member);
$LoginRS=mysql_query($LoginRS__query, $member) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "newuser")) {
$insertSQL = sprintf("INSERT INTO member (loginname, password, lastname, firstname, street, suburb, `state`, postcode, email, phone, newsletter, changenotes) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['lastname'], "text"),
GetSQLValueString($_POST['firstname'], "text"),
GetSQLValueString($_POST['street'], "text"),
GetSQLValueString($_POST['suburb'], "text"),
GetSQLValueString($_POST['select'], "text"),
GetSQLValueString($_POST['postcode'], "int"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['phone'], "int"),
GetSQLValueString(isset($_POST['subscribeyes']) ? "true" : "", "defined","'Y'","'N'"),
GetSQLValueString(isset($_POST['changeyes']) ? "true" : "", "defined","'Y'","'N'"));
mysql_select_db($database_member, $member);
$Result1 = mysql_query($insertSQL, $member) or die(mysql_error());
$insertGoTo = "members_home.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
I am also trying to add md5 to the loginpage but without success. I have been told what to add but I am unsure where to add or what to modify to make it work. Your help on both matters would be awesome. Here is the md5 addition that I was given
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
Here is my login script
<?php require_once('Connections/member.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "members_home.php";
$MM_redirectLoginFailed = "failed_login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_member, $member);
$LoginRS__query=sprintf("SELECT loginname, password FROM member WHERE loginname='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $member) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
Thanks everyone, I am a PHP nuffie and I really appreciate all the help!
<?php require_once('Connections/member.php'); ?>
<?php
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="choose_another_username.php";
$loginUsername = $_POST['username'];
$LoginRS__query = "SELECT loginname FROM member WHERE loginname='" . $loginUsername . "'";
mysql_select_db($database_member, $member);
$LoginRS=mysql_query($LoginRS__query, $member) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "newuser")) {
$insertSQL = sprintf("INSERT INTO member (loginname, password, lastname, firstname, street, suburb, `state`, postcode, email, phone, newsletter, changenotes) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['lastname'], "text"),
GetSQLValueString($_POST['firstname'], "text"),
GetSQLValueString($_POST['street'], "text"),
GetSQLValueString($_POST['suburb'], "text"),
GetSQLValueString($_POST['select'], "text"),
GetSQLValueString($_POST['postcode'], "int"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['phone'], "int"),
GetSQLValueString(isset($_POST['subscribeyes']) ? "true" : "", "defined","'Y'","'N'"),
GetSQLValueString(isset($_POST['changeyes']) ? "true" : "", "defined","'Y'","'N'"));
mysql_select_db($database_member, $member);
$Result1 = mysql_query($insertSQL, $member) or die(mysql_error());
$insertGoTo = "members_home.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
I am also trying to add md5 to the loginpage but without success. I have been told what to add but I am unsure where to add or what to modify to make it work. Your help on both matters would be awesome. Here is the md5 addition that I was given
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
Here is my login script
<?php require_once('Connections/member.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
if (isset($_POST['password'])) {$_POST['password'] =
md5($_POST['password']);}
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "members_home.php";
$MM_redirectLoginFailed = "failed_login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_member, $member);
$LoginRS__query=sprintf("SELECT loginname, password FROM member WHERE loginname='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $member) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
Thanks everyone, I am a PHP nuffie and I really appreciate all the help!
AdChoices