Jump to content


Photo

I am working on a login script. I keep getting the “You have entered an invalid username or password!” message.


  • Please log in to reply
15 replies to this topic

#1 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 28 May 2006 - 03:03 AM

I am working on a login script. I keep getting the “You have entered an invalid username or password!” message. This is what happens I withdraw the forumpass from the database and then I compare it to the necessary password and even if the passwords are equal it returns $_SESSION['emaillog'] = FALSE; when it should set it to true.

This is the first part of the code.
<?php
session_start();
header("Cache-control: private");

include("top.php");
$text="Database Test";

$username="***********";
$password="***********";
$database="***********";

$inputname = $_POST['inputname'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
mysql_select_db($database) or die( "Unable to select database");
$forumpass = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
mysql_close();

if ($forumpass != 16218)
{
    $_SESSION['emaillog'] = FALSE;
    echo "You have enterd an invalid username or password! <br />";
    echo "<META HTTP-EQUIV='Refresh' delay=5 CONTENT= '5; URL=mail_login.php'>";
}
else
{
    $_SESSION['emaillog'] = TRUE;
}

if ($_SESSION['emaillog'] == TRUE)
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM `email` ORDER BY 'id'";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

echo "<center><u>-- Inbox --</u></center><br><br>";

$i=0;
while ($i < $num) {

$email = mysql_result($result,$i,"email");
$subject = mysql_result($result,$i,"subject");
$message = nl2br(mysql_result($result,$i,"message"));
$time = mysql_result($result,$i,"time");
$_SESSION['id'] = mysql_result($result,$i,"id");
?>

-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#2 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 28 May 2006 - 03:06 AM

Is it an MD5 hash? If it is, then it won't compare properly.

#3 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 28 May 2006 - 03:10 AM

Actually that was another question too. Can you put an md5(16218) password into the database and then compare it to md5(16218)?

But! non the less im still stuck with the same problem.

And no at the moment nothing is md5 hashed.
-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#4 DaVuLf

DaVuLf
  • Members
  • PipPipPip
  • Advanced Member
  • 124 posts

Posted 28 May 2006 - 03:13 AM

I'm pretty sure using MD5 like that is what forums use. That is the reason why they don't know your password (because its encrypted in the database).

Another thing I wonder is what type of field are you using? I'm thinking its a VARCHAR field. Now, what you're comparing is to an INT (the number). Try writing this:

if ($forumpass != '16218')
{


#5 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 28 May 2006 - 03:22 AM

Ahh, actually the field is tinytext and Im useing 16218 as a refrance to the actuall pass word which is normal text.
-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#6 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 28 May 2006 - 03:30 AM

Obviously you are not fetching the query:

$query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
$results = mysql_fetch_assoc($query);
$forumpass = $results['forumpass']

~ D Kuang

#7 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 28 May 2006 - 03:48 AM

Ok now it sets it to true like it should but on line 20 I have this error..

parse error, unexpected T_STRING in /home/www/fire…p.. on line 20

01-<?php
02-session_start();
03-header("Cache-control: private");
04-
05-include("top.php");
06-$text="Database Test";
07-
08-$username="********";
09-$password="********";
10-$database="********";
11-
12-$inputname = $_POST['inputname'];
13-
14-mysql_connect('db4.awardspace.com:3306',$username,$password);
15-mysql_select_db($database) or die( "Unable to select database");
16-$query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
17-$results = mysql_fetch_assoc($query);
18-$forumpass = $results['forumpass'];
19-
20-mysql_close();
21-
22-if ($forumpass != 16218)
23-{
24-    $_SESSION['emaillog'] = FALSE;
25-   echo "You have enterd an invalid username or password! <br />";
26-   echo "<META HTTP-EQUIV='Refresh' delay=5 CONTENT= '5; 28-URL=mail_login.php'>";
27-}
28-else
29-{
30-    $_SESSION['emaillog'] = TRUE;
31-}

-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#8 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 28 May 2006 - 03:18 PM

so whats wrong with it? I cant figure it out
-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#9 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 28 May 2006 - 04:12 PM

Try changing your line 16 from
<?php $query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'"; ?>
to
php $query = "SELECT forumpass FROM forum_users WHERE forumname = '$inputname'"; ?>

Also take a close look at lines 25 & 27 above.

Ken

#10 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 28 May 2006 - 05:00 PM

This is there new error that i recived last night.
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/www/fireme.....p.. on line 17
-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#11 toplay

toplay
  • Staff Alumni
  • Advanced Member
  • 973 posts

Posted 28 May 2006 - 05:07 PM

Bob_Leny, going off your last code post (which shows the line numbers), you have forgotten to actually run the query. There's no mysql_query() before the fetch.

Always, check for MySQL errors before proceeding with the next call.

Click on the [a href=\"http://www.phpfreaks.com/forums/index.php?showtopic=31047&view=findpost&p=153359\" target=\"_blank\"]PHP F.A.Q.[/a] link. Find and read the MySQL Data Retrieval section for example code of getting data from MySQL with error checking after every MySQL command.

Also, search for "supplied argument" in the FAQ page.

Parse Errors are caused by human error. Check on the line of the error, but usually one to many lines before it, for missing closing tags (i.e. ", ), }, ;, etc.).

Here's a list of what those PHP tokens seen in error messages mean:
[a href=\"http://us2.php.net/manual/en/tokens.php#tokens\" target=\"_blank\"]http://us2.php.net/manual/en/tokens.php#tokens[/a]



#12 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 28 May 2006 - 06:05 PM

Yeah I know all about them missing stuff! lol I love to leave my ";"s off! They don't do me any good lol

Yeah Ill look in there and see what it says thanks

-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#13 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 29 May 2006 - 08:33 PM

I’ve read your post and have added a few checks. So this is what I came up with! Umm.. some constructive criticism would really be appreciated as I know it’s full of mistakes!

Id also like to draw your attention to this as its not right...
mysql_select_db($database)
if (!mysql_select_db($database))


SiTe_E_Ma-il-45_0016-12_Pghy3.php:
<?php
session_start();
header("Cache-control: private");

include("top.php");
$text = "Database Test";

function sendem($reurl,$retime)
{
    echo "<META HTTP-EQUIV='Refresh' CONTENT= '" . $retime . "; URL=" . $reurl . "'>";
}

$username="**********";
$password="**********";
$database="**********";

if (!$_POST['inputname'])
{
    $_SESSION['wronginputename'] = TRUE;
    $_SESSION['emaillog'] = FALSE;
    sendem(mail_login.php,.1);
}
else
{
$inputname = $_POST['inputname'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
if (!mysql_connect)
{
    echo "Unable to connect to MySQL!";
    die();
}
else
{
mysql_select_db($database)
if (!mysql_select_db($database))
{
    echo "Unable to select database!";
    die();
}
else
{
$query = "SELECT forumpass FROM forum_users WHERE forumname = '$inputname'";
mysql_query()
$results = mysql_fetch_assoc($query);
if (!results)
{
    echo "Information from forum_users not found!";
    die();
}
else
{
$forumpass = $results['forumpass'];

mysql_close();

//Password in database is monkeys
if ($forumpass != monkeys)
{
    $_SESSION['wronginputepass'] = TRUE;
    $_SESSION['emaillog'] = FALSE;
    sendem(mail_login.php,.1);
}
else
{
    $_SESSION['emaillog'] = TRUE;
}

if ($_SESSION['emaillog'] == TRUE)
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
if (!mysql_connect)
{
    echo "Unable to Connect to MySQL!";
    die();
}
else
{
mysql_select_db($database);
if (!mysql_select_db($database))
{
    echo "Unable to select database!";
    die();
}
else
{
$query="SELECT * FROM `email` ORDER BY 'id'";
$result=mysql_query($query);
if (!results)
{
    echo "<center><u>-- Inbox Empty --</u></center><br /><br />You have no E-mails at this time!";
    die();
}
else
{
$num=mysql_numrows($result);

mysql_close();

echo "<center><u>-- Inbox --</u></center><br><br>";

$i=0;
while ($i < $num) {

$email = mysql_result($result,$i,"email");
$subject = mysql_result($result,$i,"subject");
$message = nl2br(mysql_result($result,$i,"message"));
$time = mysql_result($result,$i,"time");
$_SESSION['id'] = mysql_result($result,$i,"id");
?>

<table border=0 background=table_declare.png cellpadding=0 cellspacing=0 align=center width=353 height=27>
<tr><td width=353>
<center>From: <?php echo $email ?></center>
</td></tr>
</table>

<table border=0 background=table_top4.png cellpadding=0 cellspacing=0 align=center width=703 height=27>
<tr>
<td>&nbsp;<span class="pleft">Subject: <?php echo $subject ?></span></td>
<td align=right><span class="pleft">Sent on: <?php echo $time ?>&nbsp</span></td>
</tr>
</table>

<table border=0 background=table_back.png cellpadding=0 cellspacing=0 align=center width=703>
<tr><td align=center>

<table border=0 cellpadding=0 cellspacing=0 align=center width=691>
<tr><td width=691>

<?php echo $message ?>

</td></tr>
</table>

</td></tr>
<tr><td><img src=table_bottom.png width=703 height=5></td></tr>
</table>

<table border=0 cellpadding=0 cellspaceing=0 align=left>
<tr>
<td>
<form action="mail_delete.php" method="post">
<input type="submit" value="Delete">
</form>
</td>
</tr>
</table>


<!--------------------->
<br /><br />
<!--------------------->

<?php

$i++;
}
}
}
}
}
}
}
}
}

mysql_close();

include("bot.php");
?>


mail_login.php:
<?php
session_start();
header("Cache-control: private");

include("top.php");
$text = "Database Test";
$wordss = "Please sign in below";

if ($_SESSION['wronginputename'] == TRUE)
{
    $wordss = "Incorect Username!";
}

if ($_SESSION['wronginputepass'] == TRUE)
{
    $wordss = "Incorect Password!";
}

if ($_SESSION['emaillog'] == TRUE)
{
echo "<META HTTP-EQUIV='Refresh' CONTENT= '.1; URL=SiTe_E_Ma-il-45_0016-12_Pghy3.php'>";
}

echo "<span class='pleft'>" . $wordss . "</span> <br />";
echo "<form action='SiTe_E_Ma-il-45_0016-12_Pghy3.php' method='post'>";
echo "Username: <input type='text' name='inputname' size='21' maxlength='20'><br />";
echo "Password: <input type='password' name='inputpass' size='21' maxlength='20'><br />";
echo "<input type='Submit' value='Send'>";
echo "</form>";

include("bot.php");
?>

-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#14 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 29 May 2006 - 10:45 PM

Yeah uhhhh... no ideas? no help?
-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#15 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 29 May 2006 - 11:06 PM

Are you having any problems?
~ D Kuang

#16 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 29 May 2006 - 11:21 PM

Nevermind. The whole thing is an error! Im going to rescript it
-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users