Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

sha1 Coding Problem

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

sha1 Coding Problem

Postby plonic » Fri Oct 01, 2010 6:16 am

Hi

I am developing a secure login system for users. I am using PHP5 and MySQL. I have sorted out the registration section without a problem and the password is stored as a SHA1 Hash in the user table.

I now need a 'check login section' to recieve data from the login form. My code is -

<?php

/* Check user details */
$con = mysql_connect("localhost","my_db", "my password");
$passwordHash = sha1($_POST['password']);
$username = $_POST['username'];
$db = mysql_select_db("my_db", $con);

if (!$con)
{
die('Could not connect: ' . mysql_error());
}

$sql = 'SELECT username FROM users WHERE username = ? AND passwordHash = ?';
$result = $db->query($sql, array('$username', '$passwordHash'));
if ($result->numRows() < 1)
{
/* Access denied */
echo 'Sorry, your username or password was incorrect!';
}
else
{
/* Log user in */
printf('Welcome back %s!', $_POST['username']);
}

?>

My database connection is solid. I keep getting the following error -

Fatal error: Call to a member function query() on a non-object in /home/threesix/public_html/checklogin5.php on line 15

Line 15 is -

$result = $db->query($sql, array('$username', '$passwordHash'));

I would be grateful if someone could tell me which object has not been defined.

Thanks
plonic
New php-forum User
New php-forum User
 
Posts: 1
Joined: Fri Oct 01, 2010 6:04 am

Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 2 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron