I have been toying around with my own website lately, got some nice inputs from some of you guys for a php script that helped showing online peeps on the server, and now im unto the creating user system.
It actually works just great except for one thing. When the password is being insert into the account table, something is going wrong.
I'll post the whole thing in small pieces for you to get an understanding of whats going wrong
Part 1 is the form (nothing speciel here though)
The user is being create successfully, but when you try to login using WoW it says that either password or username have been spelled wrong, and thats not the case here.
I think its something with the encrypting in the database maybe?
Can anyone see the problem here?
Really hope you can help me on this one :blush:!!
EDIT: Okay I can see it have something to do with the SHA1 password encrypting. When I register my self under the password "ffffff" and I look it up in the database it got the encyption "506da6907f960f50cad09ca45512519f91515237", but if I make an echo with "ffffff" as SHA1 it turns out like this "c81019207890deb5cba8cda1de0dd6b1c229eeff " completely different.
Anyone knows where in this code the encryptions fails?
It actually works just great except for one thing. When the password is being insert into the account table, something is going wrong.
I'll post the whole thing in small pieces for you to get an understanding of whats going wrong
Part 1 is the form (nothing speciel here though)
Part 2 is the creating process (when the users have typed in their personal info)
PHP:
<?php
$conn = mysql_connect('localhost', 'username', 'password') or die(mysql_error());
mysql_select_db('realmd', $conn); // Selecting the Realmd database
//Setting the Expansion ($tbc) to 1 and getting the ip address from user
$tbc = "1";
$ip = getenv('REMOTE_ADDR');
// is ?try=true in the url?
if (isset($_GET['try'])) {
// Yes, the user has clicked on the submit button, check all fields
if(empty($_POST['username']) OR
empty($_POST['password']) OR
empty($_POST['email']) ) {
// At least one of the file is empty, display an error
// Redirecting you to another page
header("Refresh: 1; url=http://127.0.0.1/LegendaryLeague/fields_empty.php");
} else {
// User has filled it all in!
// SQL save variables
$username = mysql_real_escape_string($_POST['username']);
$password = SHA1($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$query = mysql_query("SELECT COUNT(id) FROM account
WHERE username = '" . $username . "'
OR email = '" . $email . "' ") or die(mysql_error());
list($count) = mysql_fetch_row($query);
if($count == 0) {
// Username and Email are free!
mysql_query("INSERT INTO account
(`username`, `sha_pass_hash`, `email`, `expansion`, `last_ip`)
VALUES
('" . $username . "', '" . $password . "', '" . $email . "', '" . $tbc . "', '" . $ip . "')
") or die(mysql_error());
//Redirecting you to the success register page
header("Refresh: 3; url=http://127.0.0.1/LegendaryLeague/success_register.php");
} else {
// Username or Email already taken
// Redirecting you to the failed register page
header("Refresh: 3; url=http://127.0.0.1/LegendaryLeague/failed_register.php");
}
}
}
?>I think its something with the encrypting in the database maybe?
Can anyone see the problem here?
Really hope you can help me on this one :blush:!!
EDIT: Okay I can see it have something to do with the SHA1 password encrypting. When I register my self under the password "ffffff" and I look it up in the database it got the encyption "506da6907f960f50cad09ca45512519f91515237", but if I make an echo with "ffffff" as SHA1 it turns out like this "c81019207890deb5cba8cda1de0dd6b1c229eeff " completely different.
Anyone knows where in this code the encryptions fails?
