$db_pass = ""; $db_name = "irkut"; //connect to Mysql dbms $link = mysql_connect($db_host, $db_user, $db_pass); //Select the database with the 'validate' table mysql_select_db($db_name, $link); //formulate the query and send it to dbms for execution function md5_salt($string) { $salt = md5($string . "%*4!#\$;\\.k~'(_@"); // Hash the string $string = md5("{$salt}{$string}{$salt}"); return $string; } $password = $_POST[password]; $pasword = md5_salt($password); //echo $pasword; $query = "SELECT username FROM validate " . "WHERE username = \"{$_POST['username']}\" " . "AND password = \"{$pasword}\" "; $result = mysql_query($query, $link); //Check the number of rows in the query results set. If the //username/password is on file, the query will produce exactly //1 row os results. If not, mysql_num_rows() will find that the //query returned zero (0) rows. if (mysql_num_rows($result) == 0) { header("Location: Accessdenied.php"); } else { $_SESSION['username'] = $_POST[username]; session_register("username"); $con = mysql_connect("localhost", "root", ""); if (!$con) { die('Could not connect: ' . mysql_error());
$username = $_POST['username']; function md5_salt($string) { $salt = md5($string . "%*4!#\$;\\.k~'(_@"); // Hash the string $string = md5("{$salt}{$string}{$salt}"); return $string; } $con = mysql_connect("localhost", "root", ""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("irkut", $con); $npassword = $_POST['npassword']; $newpass = md5_salt($npassword); $query = "SELECT password FROM validate " . "WHERE username = \"{$username}\" "; $result = mysql_query($query, $con); while ($row = mysql_fetch_array($result)) { $password = $row[password]; } mysql_close($con); $con = mysql_connect("localhost", "root", ""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("irkut", $con); mysql_query("UPDATE validate SET password = '******'\nWHERE username = '******' "); mysql_close($con); header("Location: login2.php?username={$username} & password={$npassword}"); //echo $opassword;