Hey guys/gals i have a simple login script in a flash file that sends a user name and password to a php script and the php script processes it and sends back a response. Now this doesn't doesnt find a user.
And this one does find a match when i ommit the password search?PHP Code:<?php
include "conn.php";
$username = $_POST['user'];
$pass = $_POST['pwd'];
if(isset($username) && isset($pass)) {
$query = "SELECT * FROM members " .
"WHERE user_name = '$username'" .
"AND password = (PASSWORD('$pass'))";
$result = mysql_query($query)
or die(mysql_error());
if(mysql_num_rows($result) == 1) {
echo "msg=hello $username we found you";
}else{
echo "msg=Invalid username or password";
}
}
?>
All passwords are encrypted before they are stored using the mysql PASSWORD. So i was wondering if i have written the query wrong?PHP Code:<?php
include "conn.php";
$username = $_POST['user'];
$pass = $_POST['pwd'];
if(isset($username) && isset($pass)) {
$query = "SELECT * FROM members " .
"WHERE user_name = '$username'";
//"AND password = (PASSWORD('$pass'))";
$result = mysql_query($query)
or die(mysql_error());
if(mysql_num_rows($result) == 1) {
echo "msg=hello $username we found you";
}else{
echo "msg=Invalid username or password";
}
}
?>
A Flash Developer Resource Site
Reply With Quote
