Hello this works for me for checking my login. Is this one more secured? Also when the application contains more no of users in thousands, does the query executes faster. Is there any other way to speed up the process?
Code:<?PHP $username = $_POST['txtusrname']; $userpwd = $_POST["txtusrpwd"]; //echo ($username); //echo ($userpwd); //connecting to database $dbhost = "localhost"; $dbuser = "root"; $dbpass = "admin"; $dbname = "db_snw"; $dbconn = mysql_connect($dbhost,$dbuser,$dbpass) or die("Can't connect database"); mysql_select_db($dbname,$dbconn) or die("can't select table"); //removing special characters $username = mysql_real_escape_string($username); //selecting row for the current username $query = "SELECT userpwd,salt FROM tbl_users WHERE username = '$username';"; $result = mysql_query($query); if(mysql_num_rows($result) < 1) { echo ("No Such User Exists"); } // echo ($query); // echo ($result); //checking if the user is true $userdata = mysql_fetch_array($result,MYSQL_ASSOC); $hash = sha1( $userdata['salt'] . sha1($userpwd) ); echo ($userdata['userpwd']); // echo ($hash); //incorrect password if($hash != $userdata['userpwd']) { echo("Incorrect Login"); header('Location: default.php'); } else { echo ("Login Successful"); } ?>




Reply With Quote