[php] Cant do it :(

[m0k1]

Hi, all i making some site login ... but i want to connect it with vbulletin but i can't ... i always fail ...

I need to do this md5((md5(userpassword)+salt),salt is some custom numbers in mysql table so i do all of that but i think to salt is not query ... can someown help me with this ?

part of that code
https://paste2.org/p/1826539

[Alexlemaitre]

Hi,

I look up at your code and i see some different parts of this code which are not really good, i put another structure to correct it and i expect it'll work .

I changed the $ names just as i do it when i program .
If you need help, tell us.

As the script in case IF, i see that you put if ... < 1
I think there's no reason to put this, so i changed it to == true

Last thing is when you put a $_name inside a SQL query, you must put this style ( i use it )

==> $name = "SELECT ... FROM ... WHERE ... =(single quote)(double quote)(dot)$name(dot)(double quote)(single quote) ... ";

Alex,


<?php

include ("connect.php");

if (isset($_POST['submit']) && $_POST['submit'] == "TEXT_APPEAR_OF_BUTTON") // name button ...
{
$username1=$_POST['username'];
$passwords=$_POST['password'];
$sql = "SELECT salt FROM user WHERE username = '".$username1."'";
$query = mysql_query($sql);
$salt = mysql_fetch_array($query);

$password1=md5($passwords);
$password2=md5($password1 && $salt);

$sql_user = "SELECT * from user where username= '".$username1."' and password='".$password2."'";
$req_user = mysql_query($sql_user) or die("Could not get admin");
$user = mysql_fetch_array($req_user);

if(strlen($user['username']) == true )
{
echo "wrong user /pass.";
}
elseif(strlen($passwords) == true )
{
echo "wrogggg.";
}
else
{
$username = $_SESSION['pwngame'];
echo "thanks for login !";
}


}
?>

[m0k1]

Great Thanks

[Alexlemaitre]

If you're code is okay, i think you can close the topic .

Alex,