05.04.2012, 21:52
1. Make sure that the passwords are both the same case, this matters.
2. On the login.php that you posted, you're not even using whirlpool. Instead of
use
And do the same for
3. A better way to do the login would probably be the following:
The above makes it so you don't need to fetch the whole line from the MySQL database.
2. On the login.php that you posted, you're not even using whirlpool. Instead of
PHP код:
$pass = $_POST["parool"];
PHP код:
$pass = hash('whirlpool', $_POST["parool"]);
PHP код:
$newpass = mysql_escape_string($_POST['newpass']);
$newpassconfirm = mysql_escape_string($_POST['newpassconfirm']);
$password = mysql_escape_string($_POST['currentpassword']);
PHP код:
$pass = hash('whirlpool', $_POST["parool"]);
$querytxt = "SELECT * FROM accounts WHERE Name = '$kasutaja' AND password = '$pass'";
$result = mysql_query($querytxt);
$nouser = mysql_num_rows($result);
if($nouser == 0)
{
echo '<div class="oskar"><font color="red">User or password doesnt exist!</font><form name="input">
Username: <input type="text" name="kasutaja" />
Password: <input type="password" name="parool" />
<br />
<input type="button" value="Submit" onClick="get();" />
</form></div>';
}
else
{
echo "<ul class='sb_menu'>
<li><h3>Welcome, $kasutaja!</h3></li>
<li><a href='?page=ucp'>My Account</a></li>
<li><a href='logout.php'>Logout</a></li>
</ul>";
$_SESSION["kasutaja"] = $kasutaja;
}