PHP - How To Encrypt Password In Php Cli

Hello!

I've got an issue! I'm trying to pass a very very long variable from JS to PHP through $_GET, but it seems too long for get.

Is there any encryption function that works on both JS and PHP, so I can encrypt it in JS, send it though GET and decrypt it in PHP?

Thanks !

Hey guys!
I have a doubt and this is a question that relates Flash and PHP...

I have a flash (swf) file that grabs/sends variables from/to php.
That swf file is FULLY encrypted and the paths to the PHP urls are also encrypted.

Is there any other way a hacker could find out where and which my PHP files are located/named?

Any ideas, suggestions?
Thanks in advance!
Cheers,

This is my code it's not working.

$username = $_POST['username'];


        $password = $_POST['password'];
        $encrypt_password = md5($password);

        $email = $_POST['email'];


        $usrsql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$encrypt_password'";

//--> Below is the INSERT Code

$query = "INSERT INTO `x_users` (username, password, email) VALUES ('$username', '$encrypt_password', '$email')";

        $result = mysql_query($query);

        if($result == 1) {

            print("Thank you, your accout has been created!");
        }

Can anyone tell me why the md5() function is not working?
Edited by Tom8001, 28 November 2014 - 07:49 PM.

Can php encrypt a link so that it's hidden or expires after a download or x number of days? An example of this use would be on music download sites.

Hello everyone... I am developing a software as a service program for use by multiple companies, each would have their own instance of the application... The part that I am not really to clear on, is what would be the most secure, with low latency, PHP method of encrypting/decrypting data to and from the database... all data is sent over SSL... I would also want to use a unique key for each company... Access to the program itself is protected from the outside by a user based log in system...

How can I encrypt POST data from a form? Basically, I want to ensure that the data on the form is not in plain text ever. Is this possible?

<form method="post">
<input type="text" name="email" size="40">
<input type="password" name="password"/>
...


Basically, when this posts, I want to do a foreach on $_POST and see something like:
password = 1f3870be274f6c49b3e31a0c6728957f
  and not
password = stringTheUserTyped

I hope what I'm asking for is clear.
(PHP 5.2.14)

Thanks!

I am currently recoding a website from ASP to PHP.

The aim is for a customer to add items to a cart, fill in their credit card details.
Then an email is encrypted (on the secure website) and sent to the client.

The client then opens the email on her PC and it is decoded either when she opens the e-mail, or downloads an attachment that can be opened by a program
that requires a password. Once entered the order is revealed, the e-mail is decrypted.

I just wondered if anyone has any link to sites where I can download the de-crypting software to install on the clients machine.

Or any other ideas on sending an encrypting email and decrypting on the recipients computer.

Many thanks.

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];
               
            echo "
            
               <h4>Options for:</h4> &nbsp; $username
               <br />
               <br />
               First name: &nbsp; $firstname
            
               <br />Last name: &nbsp; $lastname       
   
   <br /><br /><h3>Want to change your password:</h3><br />
   
      <form action='?do=option' method='post'>
   
      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />
                  
      <center></div><input type='submit' value='Submit'/></center></form>";   
      
            
         }else{
            echo 'Please login to view your options!';
         }
      
      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];
      
      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }
      
      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }
      
      //Find if entered data is correct
      
      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];

            
         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")
      
      ?>          

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)                                                 
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

I have an ecommerce site on shared hosting enviroment. My ecommerce site stores customer data (name, address, email, phone, and item purchase) in mySQL database.

(No super private data like credit card numbers or social security numbers.)

Using openssl (openssl_cipher, iv, etc.), I've been encrypting this customer data and storing the encrypted data in mySQL.

Today, I'm thinking "what's the point." It's like having a lockbox with the key on the wall above...

My thoughts:
1. The "secret cyphers" are located on my server, so if someone hacks my server, they'll get the secret cyphers anyway.
2. Encrypting the Customer Data will add, at the most, 5 extra minutes, for the hacker to find.
3. Perhaps if mySQL was stored on a different server, encrypting may be useful... but mySQL is on same server.
4. On the flipside, if I did get hacked, at least I could demonstrate I tried my best to encrypt what I could...

What do you all think?

Sorry for my bad english. I am not from around these parts.

 

Hi.
I  purchased software for a PayPal subscription management system, and it relies on user verification by way of a username (email address) and a hashed password.

I have also developed my own login scripts for an application which also uses a hashed md5 password and all that works fine. I want to integrate my scripts with the purchased software using the supplied mySql database tables.

My problem is that the supplied software goes a step further than a hashed md5 password by applying initializing vectors to the hashed password. I cannot figure out how to modify my login code to accommodate the encrypted password that appears in the database.

It is beyond my current abilities to work this out on my own. I'd really appreciate it if anyone can help.

I've attached my own login script below, and Ive attached what I believe is the decryption code that comes with the purchased software. There is also a database file that relates to this.

Hope someone can help me.

<?php
session_start();
if ($_POST['password']) {
//Connect to the database 
    include_once "db_connect.php";    
$email = stripslashes($_POST['payer_email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$password = preg_replace("/[^A-Za-z0-9]/", "", $_POST['password']); // filter everything but numbers and letters
$password = md5($password);
// Make query and then register all relevant database data into SESSION variables.
$sql = mysql_query("SELECT * FROM sec_tblusers WHERE payer_email='$email' AND password='$password' AND signedup='1'") or die("failed"); 
$login_check = mysql_num_rows($sql);
if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){ 
        // Get member data into a session variable
        $id = $row["recid"];   
        session_register('recid'); 
        $_SESSION['recid'] = $id;
   
        $payer_email = $row["payer_email"]; 
        session_register('payer_email'); 
        $_SESSION['payer_email'] = $payer_email;
        
        $password = $row["password"]; 
        session_register('password'); 
        $_SESSION['password'] = $password;        
           
        $iv = $row["iv"]; 
        session_register('iv'); 
        $_SESSION['iv'] = $iv;
         
        $signedup = $row["signedup"]; 
        session_register('signedup'); 
        $_SESSION['signedup'] = $signedup;
         
        $lastlogin = $row["lastlogin"]; 
        session_register('lastlogin'); 
        $_SESSION['lastlogin'] = $lastlogin;
    
        // Update last_log_date field for this member now
        mysql_query("UPDATE sec_tblusers SET lastlogin=now() WHERE recid='$id'");
        // Print success message here then exit the script
        //header("location: member_profile.php?id=$id"); 
        header("location: adduser.php?id=$id"); 
        exit();
    } // close while
} else {
// Print login failure message to the user and link them back to your login page
  print '<br /><br /><font color="#FF0000">You do not show in our records as a subscriber. Has the subscription expired?</font><br />
<br /><a href="../main.php">Click here</a> to go back.';
  exit();
}
}// close if post
?> 

What I think is the decrypting code that comes with the purchased software goes like this.

<?php 
//---------------------------------------
//Given the payer_email address, return the decrypted password
function getpassword($payer_email, $dbhost, $dbusername, $dbpass, $dbname, $dbprefix, &$message) {

    $dl = new DataLayer();
    $dl->debug=false;
    $dl->connect( $dbhost, $dbusername, $dbpass, $dbname )  or die ( "Database connection error " . $dl->geterror() );
       
    //SELECT password, iv FROM sec_tblusers WHERE payer_email = '" . $payer_email . "'"
    $cols = array("password", "iv");
    $table = $dl->select( $dbprefix."sec_tblusers", "", $cols, "payer_email = '$payer_email'", "" );

    if ($dl->geterror()) {
        $message = "SQL error - user.php ref 58 " . $dl->geterror();
        exit;
    }

    $IV = $table[0]['iv'];
    $password = $table[0]['password'];

    $decryption = new password($IV, $password);
    $decryption->decode();
    $decode = $decryption->getdecodedtext();

    return $decode;

}


//------------------------------------
?> 

The database table is here.

Code: [Select]
-- Table structure for table `sec_tblusers`
--

CREATE TABLE `sec_tblusers` (
  `recid` int(11) NOT NULL AUTO_INCREMENT,
  `payer_email` varchar(100) NOT NULL,
  `password` varchar(50) DEFAULT NULL,
  `iv` int(11) DEFAULT NULL,
  `signedup` int(11) NOT NULL DEFAULT '0',
  `signupdate` datetime NOT NULL,
  `lastlogin` datetime NOT NULL,
  PRIMARY KEY (`recid`),
  UNIQUE KEY `payer_email` (`payer_email`),
  KEY `password` (`password`),
  KEY `signedup` (`signedup`),
  KEY `lastlogin` (`lastlogin`),
  KEY `signupdate` (`signupdate`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ;

--
-- Dumping data for table `sec_tblusers`
--

INSERT INTO `sec_tblusers` (`recid`, `payer_email`, `password`, `iv`, `signedup`, `signupdate`, `lastlogin`) VALUES
(5, 'someone@gmail.com', 'cRbeAWgN3 ', 316, 1, '0000-00-00 00:00:00', '2010-11-10 22:29:06'),
(6, 'someoneelse@gmail.com', 'cRbeAWgN3 ', 269, 1, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
I suspect that there may be some other relevant code in the purchased software, and I could hunt that up if someone could tell me what I should look for.

Anyway, I'm really in need of some help, or some advice.

Cheers, everyone.

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=353345.0

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>
  
</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
 kc = e.keyCode?e.keyCode:e.which;
 sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
 if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
 else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>
      
      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }
  
  
     
   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>


<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>


Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

Hi all,

I am trying to make a 'forgot password' script.

The passwords in the database are md5 encrypted.

Is there a way to reverse this md5 password and send the forgotten password in its orginal for to the user through email?

Thanks.


<?PHP 
include("cxn.php");

$sql = "SELECT password FROM Members WHERE email='$_POST[email]'";
$result = mysqli_query($cxn,$sql)
or die ("Couldn't execute query");

$num = mysqli_num_rows($result);

if ($num >0) // Email Address Found 
{
$password = md5($_POST['password']); // Trying to take the md5 off the password here.

$to = "$_POST[email]";
$subj = "Password for website.co.uk";
$mess = "Your password for www.website.co.uk is: \n
$_POST['password'] \n
Please login with your email address and this password. Thank you.";
$mailsend = mail($to,$subj,$mess,$headers);

$update= "An email containing your password has been sent to". $_POST['email'].".";
include("signin-redirect.php");
}
else // Email Address Not Found
{
$registrationerror = "The email address '$_POST[email]' is already registered!";
include("signin-redirect.php");
}

?>

I am having some trouble getting this to pull the password correctly from the database.
I believe the problem is from the password being in md5 format.
I am not sure how to fix the issue.

Much thanks

Code: [Select]
<?php
//signin.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign in</h3><br />';

//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
   echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
   if($_SERVER['REQUEST_METHOD'] != 'POST')
   {
      /*the form hasn't been posted yet, display it
        note that the action="" will cause the form to post to the same page it is on */
      echo '<form method="post" action="">
         Username: <input type="text" name="username" /><br />
         Password: <input type="password" name="password"><br />
         <input type="submit" value="Sign in" />
       </form>';
   }
   else
   {
      /* so, the form has been posted, we'll process the data in three steps:
         1.   Check the data
         2.   Let the user refill the wrong fields (if necessary)
         3.   Varify if the data is correct and return the correct response
      */
      $errors = array(); /* declare the array for later use */
      
      if(!isset($_POST['username']))
      {
         $errors[] = 'The username field must not be empty.';
      }
      
      if(!isset($_POST['password']))
      {
         $errors[] = 'The password field must not be empty.';
      }
      
      if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
      {
         echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
         echo '<ul>';
         foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
         {
            echo '<li>' . $value . '</li>'; /* this generates a nice error list */
         }
         echo '</ul>';
      }
      else
      {
         //the form has been posted without errors, so save it
         //notice the use of mysql_real_escape_string, keep everything safe!
         //also notice the sha1 function which hashes the password
         $sql = "SELECT 
                  userid,
                  username,
                  userlevel
               FROM
                  users
               WHERE
                  username = '" . mysql_real_escape_string($_POST['username']) . "'
               AND
                  password = '" . sha1($_POST['password']) . "'";
                  
         $result = mysql_query($sql);
         if(!$result)
         {
            //something went wrong, display the error
            echo 'Something went wrong while signing in. Please try again later.';
            //echo mysql_error(); //debugging purposes, uncomment when needed
         }
         else
         {
            //the query was successfully executed, there are 2 possibilities
            //1. the query returned data, the user can be signed in
            //2. the query returned an empty result set, the credentials were wrong
            if(mysql_num_rows($result) == 0)
            {
               echo 'You have supplied a wrong user/password combination. Please try again.';
            }
            else
            {
               //set the $_SESSION['signed_in'] variable to TRUE
               $_SESSION['signed_in'] = true;
               
               //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
               while($row = mysql_fetch_assoc($result))
               {
                  $_SESSION['userid']    = $row['userid'];
                  $_SESSION['username']    = $row['username'];
                  $_SESSION['userlevel'] = $row['userlevel'];
               }
               
               echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
            }
         }
      }
   }
}

include 'footer.php';
?>

I know i left out the connect that works fine but when i run this it tell me wrong password even if i copy and paste the user name and password from my database....
Can anyone help me please



{ 
        $username = $_COOKIE['ID_my_site']; 

        $pass = $_COOKIE['Key_my_site'];

                $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

        while($info = mysql_fetch_array( $check ))      

                {

                if ($pass != $info['password']) 

                        {

                                                }

                else

                        {

                        header("Location: members.php");



                        }

                }

 }


 if (isset($_POST['submit'])) { // if form has been submitted



        if(!$_POST['username'] | !$_POST['pass']) {

                die('You did not fill in a required field.');

        }




        if (!get_magic_quotes_gpc()) {

                $_POST['email'] = addslashes($_POST['email']);

        }

        $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());




 $check2 = mysql_num_rows($check);

 if ($check2 == 0) {

                die('That user does not exist in our database.');

                                }

 while($info = mysql_fetch_array( $check ))     

 {

 $_POST['pass'] = stripslashes($_POST['pass']);

        $info['password'] = stripslashes($info['password']);

        $_POST['pass'] = md5($_POST['pass']);



        if ($_POST['pass'] != $info['password']) {

                die('Incorrect password, please try again.');

        }
else 

 { 

 

         $_POST['username'] = stripslashes($_POST['username']); 

         $hour = time() + 3600; 

 setcookie(ID_my_site, $_POST['username'], $hour); 

 setcookie(Key_my_site, $_POST['pass'], $hour);  

  

 header("Location: members.php"); 

 } 

 } 

 } 

 else 

{        

 

 ?> 

 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 

 <table border="0"> 

 <tr><td colspan=2><h1>Login</h1></td></tr> 

 <tr><td>Username:</td><td> 

 <input type="text" name="username" maxlength="40"> 

 </td></tr> 

 <tr><td>Password:</td><td> 

 <input type="password" name="pass" maxlength="50"> 

 </td></tr> 

 <tr><td colspan="2" align="right"> 

 <input type="submit" name="submit" value="Login"> 

 </td></tr> 

 </table> 

 </form> 

 <?php 

 } 

 

 ?>