Comparing passwords in php and sending it to a database -


i making login in page , beginner programmer need know function compare passwords if not match tell user dont match , need encrypt them sent database

thank you

this have far:

<?php  $firstname = $_post['firstname']; $lastname = $_post['lastname']; $email = $_post['email']; $password = $_post['password']; $password2 = $_post['password2'];  if ($&&$password&&$email&&$firstname&&$lastname) {  if int strcmp ( string $password , string $password2 ) {  $connect = mysql_connect("localhost","root","power1") or die("couldn't connect!"); mysql_select_db("members") or die ("couldnt find db!");  insert users (firstname, lastname, email, password,...) values ($firstname, $lastname, $email, $password, $password2,...)  } else     die("your passswords not match")   } else     die("please enter credentials");  ?>

i think great came here ask , love you've dived want do.

<?php  $firstname = $_post['firstname']; $lastname = $_post['lastname']; $email = $_post['email']; $password = $_post['password']; $password2 = $_post['password2'];

so far, great. you've created variables, such $firstname, easier read , type $_post['firstname']. many php programmers this.

what have careful of, though, nothing guaranteed exist in $_post array. therefore, things $_post['firstname'] can undefined. reason, have test desired values exist first.

if ($&&$password&&$email&&$firstname&&$lastname) {

i believe here wanted test post values exist. unfortunately, late, error have occurred above. should consider starting program in fashion.

<?php  if (isset($_post['firstname']) && isset($_post['lastname'])  && isset($_post['email'])     && isset($_post['password'])  && isset($_post['password2'])) {     $firstname = $_post['firstname'];     $lastname = $_post['lastname'];     $email = $_post['email'];     $password = $_post['password'];     $password2 = $_post['password2'];      // rest of script... }

in example, make sure of post values want use exist before start using them. example not encounter errors if post values missing.

if int strcmp ( string $password , string $password2 ) {

you have right idea, not need use strcmp compare 2 strings equality in php. instead, may use == operator.

if ($password == $password2) {

if wanted use strcmp, can learn documentation page http://php.net/strcmp function returns 0 if strings equal. therefore, use this.

if (strcmp($password, $password2) == 0) {

after you've made sure passwords match, when you'd want hash password. note hashing different encryption: hashing one-way, meaning once password hashed cannot take hash code , password; on other hand, encryption can reversed. because never-ever want bad guys know someone's password is, should hash password rather encrypt it.

of course, strength of hash hashing algorithm, , there many available. sha1 decently strong , fine use until more comfortable programming.

$password_hash = sha1($password);

you've connected database perfectly. nothing wrong here.

$connect = mysql_connect("localhost","root","power1") or die("couldn't connect!"); mysql_select_db("members") or die ("couldnt find db!");

however, there particular way in need query database.

insert users (firstname, lastname, email, password,...) values ($firstname, $lastname, $email, $password, $password2,...)

this query needs given database passing string mysql_query function.

$sql_firstname = mysql_real_escape_string($firstname); $sql_lastname = mysql_real_escape_string($lastname); $sql_email = mysql_real_escape_string($email); $sql_password_hash = mysql_real_escape_string($password_hash);  $sql = "insert users (firstname, lastname, email, password)"       ."`values ('$sql_firstname', '$sql_lastname', '$sql_email', '$sql_password_hash')";  mysql_query($sql);

note couple things. first of all, storing $password_hash in database instead of $password. want, never want bad guys hack database , figure out people's passwords are. secondly, notice not construct sql string using $firstname directly; instead, use $sql_firstname, equivalent $firstname has had special characters escaped -- mysql_real_escape_string function does. vital securing against sql injection attacks, recommend reading on: http://php.net/manual/en/security.database.sql-injection.php.

} else     die("your passswords not match")   } else     die("please enter credentials");

the rest of program done well; deliberately handle these possible error cases. make sure continue consider possibilities , deal each 1 appropriately; doing prevent unknown bugs , security vulnerabilities in code.


Comments

Post a Comment

Popular posts from this blog

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

java - Output of Eclipse is rubbish -

i want write program in eclipse language different english. when display output using system.out program, displays output correctly in console editor. when accept input console , output it, output rubbish. how can solve it. many thnaks i'm not sure if problem, have character encoding problem. make sure you're using unicode, utf-8. you can read more @ official docs converting non-unicode text .
Read more

jquery - Confused with JSON data and normal data in Django ajax request -

i read json internet still have not got grasp of it. reading article http://webcloud.se/log/ajax-in-django-with-jquery/ i not understood first part function using json def xhr_test(request, format): if request.is_ajax(): if format == 'xml': mimetype = 'application/xml' if format == 'json': mimetype = 'application/javascript' data = serializers.serialize(format, examplemodel.objects.all()) return httpresponse(data,mimetype) # if want prevent non xhr calls else: return httpresponse(status=400) my main problems are from function getting format variable does format json mean data given function json or data recived json can give me simple example ouput of function data = serializers.serialize(format, examplemodel.objects.all()) how use data when response in jquery function if don't use json in above function how input , response chnage thanks ...
Read more