hittfaktory
02-11-2008, 02:25 PM
I am trying to create a new login page and only redirect a person if they are not logged in. Otherwise, I'd like the script to basically end. However, I don't know how to check the password. Since it is encrytped in the db. How can I un-encrypt the password and check it? Here's the code...
<?
session_start(); // start session.
?>
<html>
<body bgcolor="black"><font color="white">
<?
if(!isset($username) | !isset($password)) {
// escape from php mode.
?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Only Refs Allowed Beyond This Point. Please login to proceed.</p>
<table align="center" border="0">
<tr>
<th><font color="white">
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th><font color="white">
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="image" src="login.bmp"><br>
<a href="fpass.php"><img src="fpass.bmp" border="0"></a></form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}
// If all is well so far.
session_register("username");
session_register("password"); // register username and password as session variables.
include 'cont.php';
$sql = mysql_query("SELECT passwd FROM ost_staff WHERE username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);
if($numrows != "0" & $password == $fetch_em["passwd"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
if (!($valid_user))
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to proceed.</p>
<table align="center" border="0">
<tr>
<th><font color="white">
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th><font color="white">
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="image" src="login.bmp">
</form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}
?>
<?
session_start(); // start session.
?>
<html>
<body bgcolor="black"><font color="white">
<?
if(!isset($username) | !isset($password)) {
// escape from php mode.
?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Only Refs Allowed Beyond This Point. Please login to proceed.</p>
<table align="center" border="0">
<tr>
<th><font color="white">
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th><font color="white">
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="image" src="login.bmp"><br>
<a href="fpass.php"><img src="fpass.bmp" border="0"></a></form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}
// If all is well so far.
session_register("username");
session_register("password"); // register username and password as session variables.
include 'cont.php';
$sql = mysql_query("SELECT passwd FROM ost_staff WHERE username = '$username'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);
if($numrows != "0" & $password == $fetch_em["passwd"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
if (!($valid_user))
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
?>
<form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to proceed.</p>
<table align="center" border="0">
<tr>
<th><font color="white">
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th><font color="white">
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="image" src="login.bmp">
</form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}
?>