Copy link to clipboard
Copied
i searched every where and also tried the code given in the forums but still i m unable to use the code i don't know what i m doing wrong in the code ... i m very thankfull if anybody can help
my code for inserting password in database
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
$pass = $_POST['hhh'];
$epass = password_hash('$pass',PASSWORD_DEFAULT);
$insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",
GetSQLValueString($epass, "text"),
GetSQLValueString($_POST['hh'], "text"));
mysql_select_db($database_infinityo, $infinityo);
$Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());
}
and now my code for log in...which is not working...!
if (isset($_POST['un'])) {
$loginUsername=$_POST['un'];
$password=$_POST['pass'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Untitled-1.php?u=s";
$MM_redirectLoginFailed = "Untitled-1.php?u=f";
$MM_redirecttoReferrer = false;
mysql_select_db($database_infinityo, $infinityo);
$lpass = password_verify('$password', $row_p['pass']);
$LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));
$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
i have also tried this code but stlii nothing happening ...
if (isset($_POST['un'])) {
$loginUsername=$_POST['un'];
$password=$_POST['pass'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Untitled-1.php?u=s";
$MM_redirectLoginFailed = "Untitled-1.php?u=f";
$MM_redirecttoReferrer = false;
mysql_select_db($database_infinityo, $infinityo);
$lpass = password_verify('$password', $row_p['pass']);
$LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));
$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
$row = mysql_fetch_assoc($LoginRS);
$stored_password = $row['password'];
if(password_verify($_POST['password_input'], $stored_password)) {
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
i don't know here what i m doing wrong....password security is imp for my site , and if u have any better suggestions for security pls,i ll be very thankfull to u.
iamdpk wrote
noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u
Assuming you have a database with 2 columns 'username' and 'password' plus a unique column called id. (I assume you know how to create a database and a table in that database although I'm skeptical - lets start using some real and meaningful naming convention not that shite you are currenly working with)
...Copy link to clipboard
Copied
Please tell me you're not using the deprecated server-behaviors panels for this. Those panels were removed from DW for a reason. The code is not secure and it won't work on servers running PHP7 or higher.
Nancy
Copy link to clipboard
Copied
Yes i m using server behavior. .. I don't know how to use server side...!
Copy link to clipboard
Copied
DMX Zone has modern commercial extensions to replace the deprecated SB panels in DW.
https://www.dmxzone.com/go/32980/creating-a-complete-login-system-with-dmxzone-security-provider
Or see link below for a coding tutorial:
Simple User Registration & Login Script in PHP and MySQLi | All PHP Tricks
Nancy
Copy link to clipboard
Copied
Thanks for the suggestion... I ll look to this in future... But still I m working with this... So I need this code solved
Copy link to clipboard
Copied
You should not use this code. It's not secure & it won't work on PHP 7 servers.
Copy link to clipboard
Copied
I m using 5.4 php server
Copy link to clipboard
Copied
iamdpk wrote
I m using 5.4 php server
I think the password_hash function was only introduced in php 5.5
Copy link to clipboard
Copied
In addition to osgood_'s answer, please see Securely Hash Passwords with PHP — Jonathan Suh
Copy link to clipboard
Copied
Which version of PHP are you working with?
Copy link to clipboard
Copied
Pls someone... Solve my problem...! Without telling me about other things or advice.... (don't mind)
Copy link to clipboard
Copied
That's just it. I don't think, given your current setup, that it can be "solved", at least not the way you hope.
From what I've read, so far, you can upgrade to PHP 5.5 to use the code that you have been advised to not use, or you can learn how to code and do it a proper way. No one is trying to punish you or make your life miserable. But advice, decent advise, has been provided. It's up to you on where to go from here.
V/r,
^ _ ^
Copy link to clipboard
Copied
I have to buy dreamweaver cc for that! I m using dreamweaver cs6
Copy link to clipboard
Copied
I'm no fan of DW CC, believe me. But if you are going to use CS6, then learn to code and build it manually. I don't see any other options.
V/r,
^ _ ^
Copy link to clipboard
Copied
No, you don't need to buy CC to work with PHP 5.5 and up.
DWCC has no server behavior panel what-so-ever, it was removed due to the outdated/incorrect code it generated back in CS6 and earlier.
What you do need is either someone who can code to modern standards (this can be you, if you choose to learn how), or one of the paid extensions (that are also compatible with CS6) to bring your version of the program into the modern era.
If you had CC, you would still need one of those two things.
Copy link to clipboard
Copied
iamdpk wrote
I have to buy dreamweaver cc for that! I m using dreamweaver cs6
If you want to be able to use password_hash and password_verify then I would first see if you have access to php version 5.5+
Is this a remote server you are working with or a local server? You should really have a local server testing environment set up like MAMP or XAMPP - both those will have later versions of php and are freely available to download, so you can test your code, then it would be up to your remote host to move you onto something more advanced than php 5.4
However IF you intend to use the DW Server Behaviours, which I do not advise, you should NOT be upgrading to php version 7, as they wont work, php 5.6 still supports them...I dont think there was a php 6.00 version, it jumped to version 7.
Copy link to clipboard
Copied
I m working on xamp local server
Copy link to clipboard
Copied
And my hosting server is set on 5.4 php.(which I can change)
Copy link to clipboard
Copied
Once you have upgraded your php to something higher than 5.4 BUT NOT 7 change your query string to as below:
$LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",
GetSQLValueString($loginUsername, "text"));
$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());
$row = mysql_fetch_assoc($LoginRS);
Then change this line of code:
if(password_verify($_POST['password_input'], $stored_password)) {
To this line of code:
if(password_verify($password, $row['pass'])) {
The below is what you new code should now look like:
if (isset($_POST['un'])) {
$loginUsername=$_POST['un'];
$password = $_POST['pass'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Untitled-1.php?u=s";
$MM_redirectLoginFailed = "Untitled-1.php?u=f";
$MM_redirecttoReferrer = false;
mysql_select_db($database_infinityo, $infinityo);
$LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",
GetSQLValueString($loginUsername, "text"));
$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());
$row = mysql_fetch_assoc($LoginRS);
if(password_verify($password, $row['pass'])){
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
Copy link to clipboard
Copied
not working bro...tried as u instructed, but still it sending me to u=f
Copy link to clipboard
Copied
Then you have something wrongly set up as the code has been tried and tested.
Copy link to clipboard
Copied
take a look at this code, is there something wrong in this....
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
$pass = $_POST['hhh'];
$epass = password_hash('$pass',PASSWORD_DEFAULT);
$insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",
GetSQLValueString($epass, "text"),
GetSQLValueString($_POST['hh'], "text"));
mysql_select_db($database_infinityo, $infinityo);
$Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());
}
Copy link to clipboard
Copied
Have a look at what is being passed into your database from the registration form as l dont see any username, just the password.
I guess post hh might be the username. It would serve you well to use something more descriptive than a couple of letters.
I could post a more modern approach to a registration and login solution but l somehow think that would be a waste of time as its not really coming across that you would know what to do with it.
Copy link to clipboard
Copied
noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u
Copy link to clipboard
Copied
iamdpk wrote
noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u
Assuming you have a database with 2 columns 'username' and 'password' plus a unique column called id. (I assume you know how to create a database and a table in that database although I'm skeptical - lets start using some real and meaningful naming convention not that shite you are currenly working with)
Change the database connection details - 'server_name' , 'username' , 'password' , 'database_name' - to those of your own in the $conn string
REGISTRATION FORM:
<?php
// make connection to database
$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');
?>
<?php
if(isset($_POST['submit'])){
$username = $conn->real_escape_string($_POST['username']);
$password = $conn->real_escape_string($_POST['password']);
$hashPassword = password_hash($password,PASSWORD_DEFAULT);
$sql = "insert into test (username, password) value('".$username."', '".$hashPassword."')";
$result = mysqli_query($conn, $sql);
if($result)
{
echo "Registration successfully";
}
}
?>
<h1>Registration Form</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" name="username" value="" placeholder="User Name">
<input type="password" name="password" value="" placeholder="Password">
<input type="submit" name="submit" value="Submit" />
</form>
LOGIN FORM:
<?php
// make connection to database
$conn = new mysqli('server_name' , 'username' , 'password' , 'database_name');
?>
<?php
if(isset($_POST['submit'])){
$username = $conn->real_escape_string($_POST['username']);
$password = $conn->real_escape_string($_POST['password']);
$get_username = $conn->query("SELECT * from test where username = '".$username."'") or die($conn->error);
$row = $get_username->fetch_assoc();
$num_rows = $get_username->num_rows;
if($num_rows == 1){
if(password_verify($password, $row['password'])){
// success go to (change as required)
header('Location: http://www.bbc.co.uk');
}
else{
// failure go to (change as required)
header('Location: http://www.itv.co.uk');
}
}
else{
echo "No User found";
}
}
?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" name="username" value="" placeholder="UserName">
<input type="password" name="password" value="" placeholder="Password">
<input type="submit" name="submit" value="Submit" />
</form>