PHP MD5 Create User Form -
i have used tutorial here: http://www.phpeasystep.com/phptu/26.html create login form website. have set upassword field in database md5 , of passwords in database encrypted md5.
the login works perfectly, confused creating registration form.
the form requests user input desired password. confused how take password user inputs, converting md5 , inputting md5 password upassword field in user table.
below code have processresgistration.php file:
/* database connection info*/ mysql_select_db("dbname", $con); $encryptedpassword = md5($_post['upassword']); md5($upassword); $sql="insert users (uname, upassword, usurname, ufirstname) values ('$_post[uname]','$encryptedpassword','$_post[usurname]','$_post[ufirstname]'"; if (!mysql_query($sql,$con)) { die('error: ' . mysql_error()); } echo "account created. can login"; mysql_close($con) ?> the code above supposed to:
- create variable named encryptedpassword
- use upassword encryptedpassword
- convert encrypted password md5
- input md5 password users table upassword
i'm sure i've not used correct variable somewhere, or have done simple error syntax; comments/help appreciated!
thanks, chris m
you code require validation & escaping, more :
<?php /* database connection info */ mysql_select_db("dbname", $con); if ($_request['method'] == 'post') { $uname = filter_input(input_post, 'uname'); $upassword = filter_input(input_post, 'upassword'); $usurname = filter_input(input_post, 'usurname'); $ufirstname = filter_input(input_post, 'ufirstname'); // validation here ... // if ok, crypte password $hashedpassword = md5($upassword); // , store $sql = sprintf( 'insert users (uname, hashedpassword, usurname, ufirstname) values (%s, %s, %s, %s);', mysql_real_escape_string($uname, $con), mysql_real_escape_string($hashedpassword, $con), mysql_real_escape_string($usurname, $con), mysql_real_escape_string($ufirstname, $con) ); if (!mysql_query($sql,$con)) { die('error: ' . mysql_error()); } mysql_close($con); echo "account created. can login"; } ?> now login
<?php if ($_request['method'] == 'post') { $uname = filter_input(input_post, 'uname'); $upassword = filter_input(input_post, 'upassword'); $hashedpassword = md5($upassword); $sql = sprintf( 'select * users uname = "%s" , hashedpassword = "%s" limit 1', mysql_real_escape_string($uname, $con), mysql_real_escape_string($hashedpassword, $con), ); // etc etc ... } ?>
Comments
Post a Comment