When a user registers with my site I store their sign up information in a database with the following PHP commands:
$encrypted_password = (md5($password));
$sql = "insert into user set
username='$username',
passwd='$encrypted_password',
email='$email'";
I'm having trouble when they try to log in. I'm using the following PHP command to test whether the username/password combination exists in the database.
$result = @mysql_query( "select * from user where username = '$username' and passwd = md5('$password')");
Even if the username and password that I try to log in with does exist in the database, I get a "could not log you in" message every time. I think it might be because I'm not "decrypting" the password properly.
Does anyone have any suggestions? Do I have the syntax correct for retrieving the password from the database in the correct (unencrypted) form?
2006-10-29
10:29:30
·
3 answers
·
asked by
Anonymous