「Help」Website Login

[Kenta Soro]

i cant login, whats wrong with the code ?

<?phpsession_start();
include_once 'dbconnect.php';


if(isset($_SESSION['user'])!="")
{
    header("Location: home.php");
}
if(isset($_POST['login_btn']))
{
    $username = $_POST['usrname'];
    $password = $_POST['password'];


    $query = "SELECT * FROM dnmembership.dbo.Accounts WHERE AccountName='$username' and NxLoginPwd='$password'";


    $response = mssql_query($query);
    $row = mssql_fetch_array($response);


    if($row['NxLoginPwd']==md5($password))
    {
        $_SESSION['user'] = $row['AccountName'];
        header("Location: home.php");
    }
    else{
        echo("Wrong Credentials");
    }


}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Tutorial - 01</title>
</head>
<body>
<center>
    <div>
        <form method="post">
            <table align="center" width="30%" border="0">
                <tr>
                    <td><input type="text" name="username" placeholder="Your Username" required /></td>
                </tr>
                <tr>
                    <td><input type="password" name="password" placeholder="Your Password" required /></td>
                </tr>
                <tr>
                    <td><button type="submit" name="login_btn">Sign In</button></td>
                </tr>
                <tr>
                    <td><a href="signup.php">Sign Up</a></td>
                </tr>
            </table>
        </form>
    </div>
</center>
</body>
</html>

 

[whintz]

you can use this query

"SELECT * FROM dnmembership.dbo.Accounts WHERE AccountName='$username'"

without "and NxLoginPwd='$password'"

and change this <form method="post"> with <form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">

 

[Kenta Soro]

still wont login, i think its because of the md5 hash.. but i have no idea how to fix it

 

[whintz]

hey.. can you show to me ,your error message..

 

[LastEdge]

<?php
include 'dbconnect.php';
session_start();


$name = $_POST['username'];
$pass = $_POST['password'];


$s=@mssql_connect( $myServer, $myUser, $myPass ) or die("<div style='color:#f00;font-family:Arial;'>Не удалось подключиться к SQL Server</div>");
@mssql_select_db($DBDNMembership, $s) or die ("<div style='color:#f00;font-family:Arial;'>Не удалось открыть базу данных</div>");


//checkuser
$result = mssql_query("SELECT AccountID from Accounts where AccountName='$name' and NxLoginPwd = SUBSTRING(master.dbo.fn_varbintohexstr(HashBytes('MD5', '$pass')), 3, 32)");


$exist = mssql_num_rows($result);
if($exist <= 0){
echo "<div style='color:#f00;font-family:Arial;'>Такого аккаунта не существует </div>";
exit();}

$info=mssql_fetch_array($result);
$AccountID=$info[AccountID];
mssql_close();

$_SESSION['AccountID']=$AccountID;
echo "$AccountID";
exit();


if ($LoginResult==5){
echo "<div style='color:#f00;font-family:Arial;'>Неправильный Логин или Пароль</div>";
exit();
}
echo "<div style='color:#f00;font-family:Arial;'>Неизвестная ошибка</div>";
?>