Hello
I have been reasearching many sites regarding encryption, I am a bit lost. I can cryp() the password with $salt but when I go to login and compare the passwords it keeps taking me back to the login. I have taken out all the encryption code but below is what I have.
processadduser.php
<?php
session_start();
require "connect.php";
$firstname = $_GET['firstname'];
$surname = $_GET['surname'];
$username = $_GET['username'];
$password = $_GET['password'];
$userlevel = $_GET['userlevel'];
$query = "insert into clergyid values(0,
'".$firstname."',
'".$surname."',
'".$username."',
'".$password."',
'".$userlevel."')";
$result = mysql_query($query, $connection)
or die ("Unable to perform query" . mysql_error());
header("Location: listusers.php");
?>
logincheck.php
<?php
session_start();
require "connect.php";
$username = $_GET['username'];
$password = $_GET['password'];
$query = "select * from clergyid where Username ='".$username."' and Password ='".$password."'";
$result = mysql_query($query, $connection)
or die ("Unable to perform query<br>$query");
$row = mysql_fetch_array($result);
if ($row != null) {
$_SESSION['username'] = $row['Username'];
$_SESSION['password']= $row['Password'];
$_SESSION['userlevel'] = $row['UserLevel']; // store the value of user level
$_SESSION['firstname'] = $row['FirstName'];
$_SESSION['lastname'] = $row['LastName'];
if($_SESSION['userlevel'] == 'admin') {header ("Location: admin.php");} //redirect to admin.php if the user is admin
else {header ("Location: index.php");} // redirect to main page if the user is registered user
exit();
}
else{
$message = "Invalid username or password please try again!";
header ("Location: login.php? message=$message");
exit();
}
?>
I basically need help with house I can encrypt the password and then once its be encrypted compare that to the password entered on the login form.
Any help will be much appreciated
Please can someone help
Regards
Chris