BetterPHP

Ok, here goes

I have the following PHP code:

<?php
	include('core/conf.php');
	$user=$_POST['user']; 
	$password=$_POST['password'];
	$user = stripslashes($user);
	$password = stripslashes($password);
	$user = mysql_real_escape_string($user);
	$password = mysql_real_escape_string($password);
	$enc=md5($password);
	$usr=md5($user);
	$sql="SELECT * FROM $tbl_name WHERE username='$usr' and password='$enc'";
	$result=mysql_query($sql);
	$count=mysql_num_rows($result);
	if(isset($_POST['user'])){
		if($count==1){
			session_register("user");
			session_register("password"); 
			header("location:index.php");
		}else{
			$false_enc = '<b><font color="#CC0000">Incorrect details</font></b>';
			$enc_type = 'text-input-wrong';
		}
	}else{
		$false_enc = 'Need help? Contact the <a href="http://website.com/contact">Admin</a>';
		$enc_type = 'text-input';
	}
?>

The form being:

                <form action="login.php" method="post" id="login">  
                    <div class="field">  
                        <label for="email">Email</label>  
                        <input type="text" name="user" id="user" class="<?php echo $enc_type; ?>" placeholder="you@email.net" />  
                    </div>  
                    <div class="field">  
                        <label for="password">Password</label>  
                        <input type="password" name="password" id="password" class="<?php echo $enc_type; ?>" placeholder="'ooh, secret'" />  
                    </div>
                    <div class="action clearfix"> 
                        <input type="submit" value="Submit" /> 
                        <div class="enc">
                    		<?php echo $false_enc; ?>
                    	</div> 
                    </div>
                </form>

I (as stated in the title) want to echo the user's email (username) on a different page, which has this this validation script:

session_start();
	if(!session_is_registered(user)){
		header("location:login.php");
	}

And yes, the email is encrypted with MD_5, but I am likely to change all of that to suit this.

Please help me, I tried to find this on Google but none of that actually worked for me :/

(oh, and first topic by me yay!)

Well fist thing, replace those session_register() functions with the use of $_SESSION as detailed here http://php.net/manual/en/function.session-register.php

Then if you store the email address in the session when they log in you can then use that variable to output it later on

So do this when they get the password correct.

$_SESSION['email'] = $_POST['user'];

and this to output it later

echo $_SESSION['email'];

Oh, also yay for first post

jacek wrote:Well fist thing, replace those session_register() functions with the use of $_SESSION as detailed here http://php.net/manual/en/function.session-register.php

Oh hehe, deprecation is a b**** explains why the login wouldn't work on my main host.

As always, worked like a charm.
Thanks :]

abcedea wrote:As always, worked like a charm.

Btw, I love this

abcedea wrote:And yes, the email is encrypted with MD_5, but I am likely to change all of that to suit this.

Why would you MD5 a email? This makes no sens to me, untill you have 80.000 CPU hours to decode the md5, this is kinda useless
(Google MD5 Hacked)

janvier123 wrote:Why would you MD5 a email? This makes no sens to me, untill you have 80.000 CPU hours to decode the md5, this is kinda useless
(Google MD5 Hacked)

Like I said, I'm likely to change this.

I get really paranoid sometimes...

If you are only using the email for login it might be quite nice as a way to assure people that you won't sell their email address to spammers if you don't actually store it