Hi.
I’m implementing a student number and password login system for a project management system using PHP and SQL.
I have the encryption (sha1) working in a registration fine but when I try login with the ID and password it won’t login even though the creds are correct…
here’s the code
if (isset($_POST['submit'])) { // Form has been submitted.
$errors = array();
// perform validations on the form data
$required_fields = array('id', 'password');
$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
$fields_with_lengths = array('id' => 20, 'password' => 50);
$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
$stu_num = trim(mysql_prep($_POST['id']));
$password = trim(mysql_prep($_POST['password']));
$hashed_password = sha1($password);
if ( empty($errors) ) {
// Check database to see if ID and the hashed password exist there.
$query = "SELECT *";
$query .= "FROM users ";
$query .= "WHERE id = '{$stu_num}' ";
$query .= "AND hashed_password = '{$hashed_password}' ";
$query .= "LIMIT 1";
$result_set = mysql_query($query);
confirm_query($result_set);
if (mysql_num_rows($result_set) == 1) {
// ID/password authenticated
// and only 1 match
$found_user = mysql_fetch_array($result_set);
redirect_to("student_content.php");
} else {
// ID/password combo was not found in the database
$message = "ID/password combination incorrect.<br />
Please make sure your caps lock key is off and try again.";
}
} else {
if (count($errors) == 1) {
$message = "There was 1 error in the form.";
} else {
$message = "There were " . count($errors) . " errors in the form.";
}
}
The ID and password are stored in a users table in a DB.
Any help is greatly appreciated.