sean14592 Posted May 25, 2008 Share Posted May 25, 2008 Hi, For some reason every time I go to login with any password I can get through, so even if the password is not the one for my account I can still see the message "Login Succesful". <?php mysql_connect($db_host,$db_username,$db_password) or die(mysql_error()); mysql_select_db($db_database) or die(mysql_error()); $username = $_POST['username']; $password = $_POST['password']; $secpass = md5("2392j3k2js21".$password.$username); // Retrieve all the data from the "example" table $result = mysql_query('SELECT * FROM owners WHERE username="$username"') or die(mysql_error()); // store the record of the table into $row $row = mysql_fetch_array( $result ); // Print out the contents of the entry if ($row['password'] == $secpassword){ echo ("Login success!"); } else { echo ("Login Error!"); } ?> Cheers Sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/ Share on other sites More sharing options...
deadonarrival Posted May 25, 2008 Share Posted May 25, 2008 $secpass = md5("2392j3k2js21".$password.$username); if ($row['password'] == $secpassword){ First line is $secpass Second is $secpassword Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549676 Share on other sites More sharing options...
LooieENG Posted May 25, 2008 Share Posted May 25, 2008 Hi, For some reason every time I go to login with any password I can get through, so even if the password is not the one for my account I can still see the message "Login Succesful". <?php mysql_connect($db_host,$db_username,$db_password) or die(mysql_error()); mysql_select_db($db_database) or die(mysql_error()); $username = $_POST['username']; $password = $_POST['password']; $secpass = md5("2392j3k2js21".$password.$username); // Retrieve all the data from the "example" table $result = mysql_query('SELECT * FROM owners WHERE username="$username"') or die(mysql_error()); // store the record of the table into $row $row = mysql_fetch_array( $result ); // Print out the contents of the entry if ($secpass == $row['password']){ echo ("Login success!"); } else { echo ("Login Error!"); } ?> Does that work? Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549679 Share on other sites More sharing options...
.josh Posted May 25, 2008 Share Posted May 25, 2008 well you got at least 2 problems that I see. First off, $secpassword doesn't exist, so your condition looks like this: if ($row['password'] == NULL/FALSE) { ... } and since it seems to be coming out as true, $row['password'] is turning up FALSE if it's failing, or no result if nothing is returned from your query. edit: Gah! multi-posts before I posted disregard this post. Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549682 Share on other sites More sharing options...
sean14592 Posted May 25, 2008 Author Share Posted May 25, 2008 ok, I have now made it all $secpassword, Though now none of my passwords work, lol, Anyone find anything else? Cheers Sean p.s I have also tried LooieENG's code, and yet he smae thign hapens, no passes work. Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549685 Share on other sites More sharing options...
sean14592 Posted May 25, 2008 Author Share Posted May 25, 2008 Thanks Crayon Violent , After reading that the problem seems to be more clear, Do you know exacly what code is producing this error? cheers sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549687 Share on other sites More sharing options...
deadonarrival Posted May 25, 2008 Share Posted May 25, 2008 Print $secpass/$secpassword (whichever you've used) and $row[password] - just to see what they come out as. Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549690 Share on other sites More sharing options...
sean14592 Posted May 25, 2008 Author Share Posted May 25, 2008 lol, just did that as you said it,I got.... Login Error! Pass from mysql: Pass from form: 7674e5844a670dfcf2d067dd88b36a5d This is weird. sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549691 Share on other sites More sharing options...
.josh Posted May 25, 2008 Share Posted May 25, 2008 can you repost your updated code (including your debug echoes) Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549693 Share on other sites More sharing options...
.josh Posted May 25, 2008 Share Posted May 25, 2008 also, echo out $username are you sure that $_POST['username'] exists on your form (spelled correctly, etc...)? Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549697 Share on other sites More sharing options...
sean14592 Posted May 25, 2008 Author Share Posted May 25, 2008 Ok, here is my full page..... http://pastebin.com/m119e1f75 Ok, this is what I get when entering any password with a real username: Login Error! Pass from mysql: Pass from form: 7674e5844a670dfcf2d067dd88b36a5d Hope this helps Cheers Sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549700 Share on other sites More sharing options...
sean14592 Posted May 25, 2008 Author Share Posted May 25, 2008 also, echo out $username are you sure that $_POST['username'] exists on your form (spelled correctly, etc...)? Yep, it echos the username that was entered correctly, no problem there. cheers sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549702 Share on other sites More sharing options...
.josh Posted May 25, 2008 Share Posted May 25, 2008 okay how about going into phpmyadmin and physically looking to see if the data is there? Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549703 Share on other sites More sharing options...
sean14592 Posted May 25, 2008 Author Share Posted May 25, 2008 ok, well I have compared the real pass entered on the site with the one found in the database and they are different... entered: 7674e5844a670dfcf2d067dd88b3**** found in database: 8b53602b51cbc88e7ce34**** As you can see they are differen, looks like we have found our problem, but now why, Here is my code fore my registration script as it may help: http://pastebin.com/m6b3eda57 Cheers Sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549707 Share on other sites More sharing options...
deadonarrival Posted May 25, 2008 Share Posted May 25, 2008 Edit: Need to check for changes before I post Your newest problem comes from your hashing. Check the page which makes the password, and make sure it has the same $secpassword = md5("2392j3k2js21".$password.$username); And just check that $username and $password are set properly in that file Edit: still not watching $securepass = md5("2392j3k2js21".$password.$username); matches, so that doesn't seem to be the problem I'd suggest that you might be doing something else do one of the username/passwords in one file you dont do to the other. Something along the lines of stripslashes() or html_entities Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549808 Share on other sites More sharing options...
.josh Posted May 25, 2008 Share Posted May 25, 2008 Got it! From your pastebin: //MD5 Password $username = $_POST['username']; $password = $_POST['password']; $securepass = md5("2392j3k2js21".$password.$username); $_POST['password'] doesn't exist. You need to use 'password1' or 'password2' Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-549825 Share on other sites More sharing options...
sean14592 Posted May 27, 2008 Author Share Posted May 27, 2008 EDIT: just read last post, let me check if it works then ill update. cheers sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-550966 Share on other sites More sharing options...
sean14592 Posted May 27, 2008 Author Share Posted May 27, 2008 ok, that works now, the pass in db is same as the one entered in pass, all works. Though for some reason the below code is getting password as NULL. <?php mysql_connect($db_host,$db_username,$db_password) or die(mysql_error()); mysql_select_db($db_database) or die(mysql_error()); $username = $_POST['username']; $password = $_POST['password']; $secpassword = md5("2392j3k2js21".$password.$username); // Retrieve all the data from the "example" table $result = mysql_query('SELECT * FROM owners WHERE username="$username"') or die(mysql_error()); // store the record of the table into $row $row = mysql_fetch_array($result); // Print out the contents of the entry if ($row['password'] == $secpassword){ echo ("Login success!"); } else { echo ("Login Error!<br>Pass from mysql: ".$row['password']."<br>Pass from form: ".$secpassword." <br> Username entered in form".$_POST['username']."<br>"); } ?> Cheers Sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-550996 Share on other sites More sharing options...
sean14592 Posted May 27, 2008 Author Share Posted May 27, 2008 FIXED! Thank you everyone for helping me soo much. you guys are the best, once my site is complete im gonna have to donate. Sean Quote Link to comment https://forums.phpfreaks.com/topic/107217-solved-login-problem/#findComment-551011 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.