[SOLVED] Little login system

FlyingIsFun1217 · April 17, 2008

Hey!

Needing to create a little site frontend, I figured I'd come back and try PHP again.

Well, I've got my basic code done fairly well, but it doesn't work as expected.

Here's the code:

Index.html:

<html>
<head>
	<title>Simple PHP Gallery</title>
	<meta name="description" content="Simple image gallery using PHP" />
</head>
<body>
	<center>
	<h1>Simple PHP Gallery</h1>
	</center>

	<form>
		<fieldset>
			<form action="loginCheck.php" method="post"/>
				<center>
					<p>
						<b>Password:</b>
						<input type="password" name="passwrd"/>
					</p>
				</center>

				<center>
					<input type="submit" value="View Gallery"/>
				</center>
			</form>
		</fieldset>
	</form>

</body>
</html>

loginCheck.php:

<?php
$passwordFromLogin = $_POST['passwrd'];
$passwordEncrypted = md5($passwordFromLogin);
$passwordCheck = "false";

include("passWrd.php");

if ($passwordEncrypted == $currentPassword)
	header('anjgnwerg.php');
else
	header('error.html');
?>

passWrd.php:

<?php
$currentPassword = 'thisisthepassword';
?>

Now, after entering in a bogus password, I would expect to get my error page, but that's not the case.

An example can be found here.

Thanks!

FlyingIsFun1217

awpti · April 17, 2008

You do realize md5 makes a hash of the incoming password, right?

you would have to include the md5 hash, not the actual password in passWrd.php

$currentPassword = 'thisisthepassword'; would be wrong.

$currentPassword = 'd9ec646d4a782cfbc7f6cdbad62993d1'; would == the md5 of 'thisisthepassword'.

Little vague on what's really happening though.

Also, why are you using header()? Just include it.

FlyingIsFun1217 · April 17, 2008

I know it creates an MD5 hash, that's why I want to use it. Eventually, I'd like to store the MD5 hash of the password, and then check it against the hash of the password entered in the passwrd box. Right now, I want to just make sure that it forwards through the pages like I want it to, so I purposely left the passwrd box as it is, instead of getting it's hash.

Essentially, what I want to do is get the password from the box, check to see if it's the same value as that stored in currentPassword, and proceed if it checked in the same (or regress if it didn't). Sorry if my methods are not clear, I'm used to coding with C++, a more object-oriented approach :/

Thanks again!

FlyingIsFun1217

DJTim666 · April 17, 2008

As awpti said, md5 creates a hash of the incoming value. You're creating a hash of the password, then checking it to see if it's the same as a conjunction of english words.. not gunna happen.

Try un-hashing the password until you've checked to see if it's the same as the $currentPassword.

--

DJ

FlyingIsFun1217 · April 17, 2008

So comparing the hash to the current password is like comparing an int with a char in C++? I think I'm getting it.

I'll use the MD5 hash you posted above, and see if it doesn't work.

Thanks!

FlyingIsFun1217

----------EDIT----------

Tried using the hash, I still get the same results with a wrong password entered. Shouldn't it be going to error.html? Why isn't it, that's my biggest problem right now... :/

Thanks again!

FlyingIsFun1217

FlyingIsFun1217 · April 17, 2008

Bump. Still confused on this one.

Thanks again!

FlyingIsFun1217

jonsjava · April 17, 2008

when you MD5 the password, you receive a 30 character string of data that **NOT** the same as your password. so, if you are comparing current password to the hashed password, you are essentially comparing a scooter to a yacht. There is nothing similar.

miracle_potential · April 17, 2008

login.php

<?
$include("password.php");

$password = $_POST['password'];
$encpass = md5($password);

if($encpass == $real_pass){
header("Location: home.html");
}
else{
header("Location:error.html");
}
?>

password.php

<?
$passwordywordthing == "password!1";
$real_pass == md5($passwordywordthing);
?>

Should work just dandy, you should md5() your real password and failing this just use Javascript

FlyingIsFun1217 · April 17, 2008

Alright, I'll try that.

Thanks for your time!

FlyingIsFun1217

FlyingIsFun1217 · April 18, 2008

Here's my current code (still failing as before):

Index.html:

<html>
<head>
	<title>Simple PHP Gallery</title>
	<meta name="description" content="Simple image gallery using PHP" />
</head>
<body>
	<center>
	<h1>Simple PHP Gallery</h1>
	</center>

	<form>
		<fieldset>
			<form action="loginCheck.php" method="post"/>
				<center>
					<p>
						<b>Password:</b>
						<input type="password" name="passwrd"/>
					</p>
				</center>

				<center>
					<input type="submit" value="View Gallery"/>
				</center>
			</form>
		</fieldset>
	</form>

</body>
</html>

loginCheck.php:

<?php
include("passWrd.php");

$passwordFromLogin = $_POST['passwrd'];
$passwordEncrypted = md5($passwordFromLogin);

if ($passwordEncrypted == $encryptedPass)
{
	header("correctLogin.php");
}
else
{
	header("error.html");
}
?>

passWrd.php:

<?php
$passwordText = "samplepassword";
$encryptedPass = md5($passwordText);
?>

Maybe it's failing because of header() being in the html body? Is there another way to forward through the pages?

Thanks again!

FlyingIsFun1217

FlyingIsFun1217 · April 18, 2008

Anybody?

I guess what I'm going for is the type of system that forums use. User logs in, a check is done (except I want to do mine against a php variable), and if it's correct, forward to another page.

Thanks!

FlyingIsFun1217

miracle_potential · April 18, 2008

header("Location: correctLogin.php");

header("Location: error.html");

Just noticed you were missing your location key

FlyingIsFun1217 · April 18, 2008

Yeah, I've since put the Location tag into that. Thing is, the site still does the exact same thing. Nothing ever changes... It's starting to get really annoying!

Thanks again!

FlyingIsFun1217

mofm · April 18, 2008

Try this .it should work

<?php

$passwordText = "samplepassword";
$encryptedPass = md5($passwordText);

$passwordFromLogin = $_POST['passwrd'];
$passwordEncrypted = md5($passwordFromLogin);

echo "Your pass :$encryptedPass<BR>Entered pass:$passwordEncrypted"; //Remove this line when ur done testing
if ($passwordEncrypted == $encryptedPass)
{
	header("Location: http://" . $_SERVER['HTTP_HOST'] .dirname($_SERVER['PHP_SELF'])."/correctLogin.php");

}
else
{
	header("Location: http://" . $_SERVER['HTTP_HOST'] .dirname($_SERVER['PHP_SELF'])."/error.html");
}
?>

FlyingIsFun1217 · April 19, 2008

Thanks, I'll try that!

FlyingIsFun1217

FlyingIsFun1217 · April 19, 2008

Still nothing.

Even replaced all of my html code from the index page into php echo's, and I still got the same errors.

Man, this is really irking me... what the heck could be stopping it from forwarding to a new page?!?!

Thanks again!

FlyingIsFun1217

FlyingIsFun1217 · April 19, 2008

Seems all I really needed to do was check my index. I had a form directly under a form (<form><form blahblah></form></form>). I think this was the case, anyway.

Either way, it's working now.

Thanks for everybody who took the time to help me. Now I'm dealing with image stuff...

FlyingIsFun1217

Sign In

[SOLVED] Little login system

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information