the md5 posting database signup page know that's working, try here won't let me sign in , keeps telling me have wrong password.
<?php // parse log in form if user has filled out , pressed "log in" if (isset($_post["user_name"]) ) { $user = mysql_real_escape_string($_post["user_name"]); $pass_word = mysql_real_escape_string(md5($_post["pass_word"])); $pass_word=md5($pass_word); // connect mysql database include "../connect_to_mysql.php"; $sql = mysql_query("select m_id member user_name='$user' , pass_word='$pass_word' limit 1"); // query person // ------- make sure person exists in database --------- $existcount = mysql_num_rows($sql); // count row nums if ($existcount == 1) { // evaluate count while($row = mysql_fetch_array($sql)){ $id = $row["m_id"]; } $_session["m_id"] = $id; $_session["user"] = $user; $_session["pass_word"] = $pass_word; header("location: ../../index.php"); exit(); } else { echo 'that information incorrect, try again <a href="member_login.php">click here</a>'; exit(); } } ?>
you're running md5 twice on password.
$pass_word = mysql_real_escape_string(md5($_post["pass_word"])); $pass_word = md5($pass_word); also, don't use md5, unsafe, using bcrypt, secure, , easy implement in php. replacing md5 line of code make password hashes safe. preferably add salt, salt being random string. make breaking passwords nigh impossible.
$hash = password_hash($password . $salt, password_bcrypt); 
Comments
Post a Comment