Login
This works fine. However, now that the password is hashed in the database, how do I write the login so as to read it?
<!<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Register</title> </head> <body> <form name="register" action="register2a.php" method="post"> <table width="510" border="0"> <tr> <td colspan="2"><p><strong>Registration Form</strong></p></td> </tr> <tr> <td>Username:</td> <td><input type="text" name="username" maxlength="20" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="password1" /></td> </tr> <tr> <td>Confirm Password:</td> <td><input type="password" name="password2" /></td> </tr> <tr> <td>Email:</td> <td><input type="text" name="email" id="email" /></td> </tr> <tr> <td> </td> <td><input type="submit" value="Register" /></td> </tr> </table> </form> </body> </html>
<?php $username = $_POST['username']; $password1 = $_POST['password1']; $password2 = $_POST['password2']; $email = $_POST['email']; if($password1 != $password2) function createSalt() { } $salt = createSalt(); $conn = mysqli_connect('localhost', 'root', '', 'login'); //we have added the database name called "login" //mysql_select_db('login', $conn); //we remove this line //sanitize username $query = "INSERT INTO member ( username, password, email, salt ) VALUES ( '$username', '$password', '$email', '$salt' )"; //added $conn variable in order to connect to our database. ?>
<form name="register" action="register2a.php" method="post">
to:
<form name="register" action="register2b.php" method="post">
register2b.php
<?php $username = $_POST['username']; $password1 = $_POST['password1']; $password2 = $_POST['password2']; $email = $_POST['email']; if($password1 != $password2) function createSalt() { } $salt = createSalt(); $mysqli = new mysqli('localhost', 'root', '', 'login'); //we change the mysqli_connect to "new mysqli" //sanitize username $username = $mysqli->real_escape_string($username); $query = "INSERT INTO member ( username, password, email, salt ) VALUES ( '$username', '$password', '$email', '$salt' )"; //remove $conn variable in order to connect to our database using OOP. $mysqli->query($query); $mysqli->close(); ?>