Hay im new here and i would like some help, im working on a php login script for flash. I had it working to start with but i have changed my registration script so the password is now md5 encrypted. Can some one tell me what i need to edit on the code bellow to make the login work again. Thanks Space-Cowboy

Code:

<? 

//Database Connectivity Variables//

$DBhost = "localhost";
$DBuser = "joj_test";
$DBpass = "test";

$db_name = "joj_stargate";
$login_table = "Users"; 


//Create a connection to the MySQL Database//

$connection = @mysql_connect($DBhost,$DBuser,$DBpass) or die("Couldn't Connect.");
$db = @mysql_select_db($db_name, $connection) or die("Sorry, I could not select the requested Database ");

//SQL Querys
$sql = "SELECT * FROM $login_table WHERE Username = \"$username\" and Password = \"$password\"
";

$result = @mysql_query($sql, $connection) or die("Couldn't execute query.");



/*Now checking for the results of the query. if the results are not equal to zero then everything ok, anything else then the authentication failed*/

$num = mysql_num_rows($result); 

if ($num != 0) { 
 
   
// Send Results Back To Flash //  

echo "status=Authentication Accepted"; 
echo "&chklogin=good";
echo "username=$username";
echo "address=$adres";
exit;  
}
else {
// Send Errors Back To Flash //
 echo "chklogin=bad";
 echo "&status=Athentication Failed";  
}

?>

This may be way off - I only know the way I would write the same bit of code so there may be others ways/syntax so if its not this then ignore me.

I don't really know what the '@' signs are all about....

In the query I dont know if you really need to use the forward slash before the quote.

I THINK this is the problem though, you should use a single quote ' instead of double " because otherwise its taking the $username as a string and not a variable.

Hope this helps, otherwise boot my arse

well it worked using that code before. THe only problem is i dont know how to make it work with a MD5 password!

should say in there http://uk.php.net/manual/en/function.md5.php

Yep that helped pritty easy thanks.

Just to clear some things up :
the @ signs supresses errors on function calls - so if the query fails you don't get a nasty error. This is usually a security measure since the standard SQL error is along the lines of 'mySQL error... blah blah version number blah blah ... using password: no blah blah....', containing info you don't want people to see so easily.

" double quotes " cause variables to expand out to their values, whereas ' single quotes ' ignores the variable and puts $varname straight into the string. When putting string values into mySQL however, you need to put single quotes around them:

PHP Code:

 mysql_query("INSERT INTO table VALUES('$stuff')"); 


This is OK since the string as a whole is in double quotes, so the variable $stuff expands, and the single quotes are taken literally and included in the output.