encrypted register and login passwords gone wrong

StackOverflow https://stackoverflow.com/questions/22994863

Question

I have a sign up script:

function NewUser() 
{ 
        $fullname = $_POST['name']; 
        $userName = $_POST['user']; 
        $email = $_POST['email']; 
        $password = $_POST['pass'];
        $confirm_password = $_POST['cpass'];
        $salt = 'a salt(not in my real script)';
        $password = crypt($password, $salt);
        $query = "INSERT INTO WebsiteUsers (fullname,userName,email,pass) VALUES ('$fullname','$userName','$email','$password')"; 
        $data = mysql_query ($query)or die(mysql_error()); 
        if($data) 
        { 
        echo "YOUR REGISTRATION IS COMPLETED..."; 
        } 
    }

Which works perfectly, it stores everything inclusive the encrypted password. I also have a check login code:

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT pass FROM $tbl_name WHERE userName='$myusername' ";
$result = mysql_query($sql); 

if (crypt($user_input, $password) == $password){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

There is something going wrong in this code that is blocking my login_success.php it will say that is the wrong username or password, I know it is my password that is going wrong with the encryption. Can someone help me debugging this code so it will see the encrypted password in the right way. Because I am testing the websites login but it doesn't work because(what I think) it can't see the encrypted password right.(sorry for my bad english)

Was it helpful?

Solution

A better approach to creating a site with an authentication system is to make use of a development framework that already has one built in.

A good example is Laravel which has a really robust authentication platform that you can use right out of the box.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top