Copy link to clipboard
Copied
i searched every where and also tried the code given in the forums but still i m unable to use the code i don't know what i m doing wrong in the code ... i m very thankfull if anybody can help
my code for inserting password in database
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
$pass = $_POST['hhh'];
$epass = password_hash('$pass',PASSWORD_DEFAULT);
$insertSQL = sprintf("INSERT INTO test (pass, un) VALUES (%s, %s)",
GetSQLValueString($epass, "text"),
GetSQLValueString($_POST['hh'], "text"));
mysql_select_db($database_infinityo, $infinityo);
$Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());
}
and now my code for log in...which is not working...!
if (isset($_POST['un'])) {
$loginUsername=$_POST['un'];
$password=$_POST['pass'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Untitled-1.php?u=s";
$MM_redirectLoginFailed = "Untitled-1.php?u=f";
$MM_redirecttoReferrer = false;
mysql_select_db($database_infinityo, $infinityo);
$lpass = password_verify('$password', $row_p['pass']);
$LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));
$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
i have also tried this code but stlii nothing happening ...
if (isset($_POST['un'])) {
$loginUsername=$_POST['un'];
$password=$_POST['pass'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Untitled-1.php?u=s";
$MM_redirectLoginFailed = "Untitled-1.php?u=f";
$MM_redirecttoReferrer = false;
mysql_select_db($database_infinityo, $infinityo);
$lpass = password_verify('$password', $row_p['pass']);
$LoginRS__query=sprintf("SELECT un, pass FROM test WHERE un=%s AND pass=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($lpass, "text"));
$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
$row = mysql_fetch_assoc($LoginRS);
$stored_password = $row['password'];
if(password_verify($_POST['password_input'], $stored_password)) {
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
i don't know here what i m doing wrong....password security is imp for my site , and if u have any better suggestions for security pls,i ll be very thankfull to u.
iamdpk wrote
noo that will not be ur waste of time, i ll definetly use that... i used this code thats y i said to correct this code if u can give me a better code then i ll be very thankfull to u
Assuming you have a database with 2 columns 'username' and 'password' plus a unique column called id. (I assume you know how to create a database and a table in that database although I'm skeptical - lets start using some real and meaningful naming convention not that shite you are currenly working with)
...Copy link to clipboard
Copied
Thank u so much... God bless u... Merry Christmas!
Copy link to clipboard
Copied
Where are you setting $database_infinityo and $infinityo?
Is $_POST['hhh'] the password, and $_POST['hh'] the username?
V/r,
^ _ ^
Copy link to clipboard
Copied
yep
Copy link to clipboard
Copied
WolfShade wrote
Where are you setting $database_infinityo and $infinityo?
They are pulled from a connection file that DW automatically produces.
No wonder the server behaviours were put to bed. Its the most chaotic code l think lve ever come across, still we are talking DW engineers who seem to excel in failure or producing vastly exaggerated coding to do the most basic of operations.
Copy link to clipboard
Copied
PHP 5.4 won't work.
Copy link to clipboard
Copied
i m working on
Copy link to clipboard
Copied
it is very costly to use server side , dmxzone extensions are very costly for me... i cant afford them, now i have only one way and that is the way i m using now...
i just want to store pass in secured way,
i dont know that much programing,
i dont have money!,
dont have time to learn new progamming language...
so ... dont know what to do now.... i dont wanna give up on this stage.
Copy link to clipboard
Copied
iamdpk wrote
i just want to store pass in secured way,
i dont know that much programing,
i dont have money!,
dont have time to learn new progamming language...
You sure have a lot of excuses for not learning to code. Osgood generously gave you some new code to work with. Learn from it.
Nancy
Copy link to clipboard
Copied
page to enter details to database
<?php require_once('Connections/infinityo.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
$pass = $_POST['hhh'];
$epass = password_hash('$pass',PASSWORD_DEFAULT);
$insertSQL = sprintf("INSERT INTO test (pass, un) VALUES ('".$epass."' , %s)",
GetSQLValueString($_POST['hh'], "text"));
mysql_select_db($database_infinityo, $infinityo);
$Result1 = mysql_query($insertSQL, $infinityo) or die(mysql_error());
$insertGoTo = "Untitled-2.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml 1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>test 1</title>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
</head>
<body>
1
<form action="<?php echo $editFormAction; ?>" name="form" method="POST"><input name="hh" type="text" /><input name="hhh" type="text" /><input name="" type="submit" />
<input type="hidden" name="MM_insert" value="form" />
</form>
</body>
</html>
page to verify login
<?php require_once('Connections/infinityo.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['un'])) {
$loginUsername=$_POST['un'];
$password = $_POST['pass'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Untitled-2.php?u=s";
$MM_redirectLoginFailed = "Untitled-2.php?u=f";
$MM_redirecttoReferrer = false;
mysql_select_db($database_infinityo, $infinityo);
$LoginRS__query=sprintf("SELECT * FROM test WHERE un=%s",
GetSQLValueString($loginUsername, "text"));
$LoginRS = mysql_query($LoginRS__query, $infinityo) or die(mysql_error());
$row = mysql_fetch_assoc($LoginRS);
if(password_verify($password, $row['pass'])){
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>test 2</title>
</head>
<body>
2
<form ACTION="<?php echo $loginFormAction; ?>" name="2" method="POST"><input name="un" type="text" /><input name="pass" type="text" /><input name="" type="submit" /></form>
<?php
$ep = '$2y$10$UTjqDavj0jdz5rRNz032EO0Eb3kNOHXFmjJCPQ8p6Zltw8sYZIlbe';
if (password_verify('wsx', $ep )) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
</body>
</html>