SHA function issues

Posted by Damian James on Stack Overflow See other posts from Stack Overflow or by Damian James
Published on 2010-03-26T01:38:34Z Indexed on 2010/03/26 1:43 UTC
Read the original article Hit count: 459

Filed under:
|
|

I have this php code from my login.php

if (isset($_POST['logIn'])) {
    $errmsg = "";
    $logname = mysqli_real_escape_string($dbc, trim($_POST['usernameIn']));
    $logpassword = mysqli_real_escape_string($dbc, trim($_POST['passwordIn']));

    $query = "SELECT user_id, username FROM members WHERE username = '$logname' AND password = SHA('$logpassword')";
    $data = mysqli_query($dbc, $query);

    if (mysqli_num_rows($data) == 1) {
        $row = mysqli_fetch_array($data);
        setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30)); //expires after 30 days
        setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30));
        $home = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
        header('Location: ' . $home);
    }
    else {
        $errmsg = '<p class="errormsg">Username or password is incorrect.</p>';
    }
}

And for some reason, it always ends up setting $errmsg in the else statement. I am sure that I'm entering information (username,password) that is correct and exists in the database.

I insert my values (from a signup script) using this query:

$query = "INSERT INTO members (username, password, email) VALUES ('$username', SHA('$password'), '$email')";

Anyone see the problem with this script? Thanks!

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql