how to password & exp date

Question

ckdoublenecks 0 Light Poster

14 Years Ago

I think the below code will do the password If I can figure out how to direct this program to the the main program if the password is correct. Can someone help me with the link, please?

<?php
mysql_connect(localhost,root,"");
mysql_select_db(entrydb) or die( "Unable to select database");
if(!empty($_POST["submit"]))
{
 $password = $_POST['password'];
$expdate = $_POST['expdate'];
$query="SELECT password, expdate FROM entrydata Where password='$password'";
$result=mysql_query($query);
if(mysql_num_rows($result))
{
  echo "<form action='#' method='post'>";
       
  echo "</form>";
}
  else{echo "Access denied<br />";}
 }
?>
<form method="post" action="#"><br />
 <input type="text" name="password"/><p>
<input type="submit" name="submit" value="enter password"/>
</form>

php

Edited 14 Years Ago by ckdoublenecks because: n/a

2 Contributors
4 Replies
187 Views
6 Days Discussion Span
Latest Post 14 Years Ago Latest Post by ckdoublenecks

diafol

14 Years Ago

I don't follow. What do you want to do? Is this your code?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

ckdoublenecks 0 Light Poster · Answer 1 · 2010-10-25T06:28:31+00:00

Yes, this is my code. I'm trying to use this code to compare to the password from a database and reject if input doesn't match and go to my main page if it does. It works but I can't find how to link to the main page. Basically I'm trying to password protect the system (localhost)I've developed. Then I'm hoping to learn how to use the exp date from the database to compare to the system date. I'm sure there are better ways but this is what I came up with??

diafol · Answer 2 · 2010-10-30T22:38:24+00:00

My quick and dirty solution (pseudocode):

1. get password from input and current date from date(xxx), where xxx is the format used in your db, so that you can compare them easily;
2. your password in the db should be 'hashed and salted', so you need to hash and salt the password input for comparison.
3. use one mysql query where you check for the 'user_id' AND the 'hashed_password' AND the 'exp_date'.
4. if you receive no results, e.g. mysql_num_rows($query) == 0, then you know there's a problem.

You can tart this up substantially, but that's my usual method. NOTE - hashing + salting a password means that the original password is no longer available for retrieval. If an user loses the pw, am email should be sent to their address with a confirmation querystring. If the user follows the link - a new pw is generated and sent to the same email address. Otherwise, nothing happens - this is to prevent malicious 'reset my password' problems.

ckdoublenecks 0 Light Poster · Answer 3 · 2010-10-30T23:25:24+00:00

ckdoublenecks 0 Light Poster

14 Years Ago

thanks a lot