JCF22Lyoko Posted June 17, 2008

Hey guys. Can you help me with a PHP script? I'm trying to get the login form to use SHA1 and I keep getting errors and sometimes it says login failed even though the sha1 is correct. The code will be below.

index.php

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Login Form</title>
    <link href="loginmodule.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <h1><center> Login Page</center></h1>
    <p> </p>
    <form id="loginForm" name="loginForm" method="post" action="login-exec.php">
      <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
        <tr>
          <td width="112"><b>Login</b></td>
          <td width="188"><input name="login" type="text" class="textfield" id="login" /></td>
        </tr>
        <tr>
          <td><b>Password</b></td>
          <td><input name="password" type="password" class="textfield" id="password" /></td>
        </tr>
        <tr>
          <td> </td>
          <td><input type="submit" name="Submit" value="Login" /></td>
        </tr>
      </table>
    </form>
    <h2><center><a href="register-form.php">Click here to Register</a></center></h2>
    </body>
    </html>

login-exec.php

    <?php
    //Start session
    session_start();

    //Connect to mysql server
    $link=mysql_connect("####","####","####");
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db=mysql_select_db("####");
    if(!$db) {
        die("Unable to select database");
    }

    //Sanitize the value received from login field
    //to prevent SQL Injection
    if(!get_magic_quotes_gpc()) {
        $login=mysql_real_escape_string($_POST['login']);
        $password=mysql_real_escape_string($_POST['password']);
    }else {
        $login=$_POST['login'];
        $password = sha1($_POST['password']);
    }

    //Create query
    $qry="SELECT member_id FROM gmmembers WHERE login='$login' AND passwd='$password'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result)>0) {
            //Login Successful
            session_regenerate_id();
            $member=mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID']=$member['member_id'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
    ?>

Btw, the #### aren't really there, I just used it to censor the username and password. If anyone could fix this up, that'll be great!

Link to comment: https://forums.phpfreaks.com/topic/110589-solved-php-login-help/

conker87 Posted June 17, 2008

Even if MAGIC_QUOTES are on, you should strip the slashes then real escape them. ex:

    if(get_magic_quotes_gpc()) {
        $login=mysql_real_escape_string(stripslashes($_POST['login']));
        $password= sha1(stripslashes($_POST['password']));
    }else {
        $login=mysql_real_escape_string($_POST['login']);
        $password = sha1($_POST['password']);
    }

And to solve your problem, you're not sha1()'ing your escaped variable.

    if(!get_magic_quotes_gpc()) {
        $login=mysql_real_escape_string($_POST['login']);
        $password=mysql_real_escape_string($_POST['password']); // here
    }else {
        $login=$_POST['login'];
        $password = sha1($_POST['password']);
    }

Use the above code anyway.

JCF22Lyoko Posted June 17, 2008

It still won't work. Could you upload the whole thing please?

conker87 Posted June 17, 2008

Any errors at all? Try this, it should work:

    <?php
    //Start session
    session_start();

    //Connect to mysql server
    $link=mysql_connect("####","####","####");
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db=mysql_select_db("####");
    if(!$db) {
        die("Unable to select database");
    }

    //Sanitize the value received from login field
    //to prevent SQL Injection
    if(get_magic_quotes_gpc()) {
        $login = mysql_real_escape_string(stripslashes($_POST['login']));
        $password = sha1(stripslashes($_POST['password']));
    } else {
        $login = mysql_real_escape_string($_POST['login']);
        $password = sha1(mysql_real_escape_string($_POST['password']));
    }

    //Create query
    $qry="SELECT member_id FROM gmmembers WHERE login='$login' AND passwd='$password'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member=mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID']=$member['member_id'];
            session_write_close();
            header("location: member-index.php");
            exit();
        } else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    } else {
        die("Query failed");
    }
    ?>

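Added example, not part of any post in this thread: the same login check written with PDO prepared statements and password_hash()/password_verify() in place of the thread's mysql_* calls and sha1(). The gmmembers columns come from the posts; the in-memory SQLite database, the verify_login() name, the sample account and the use of addslashes() as a stand-in for the removed mysql_real_escape_string() are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table and column names are the
// thread's; the in-memory SQLite database and sample account are constructed.

function verify_login(PDO $db, string $login, string $password): ?int
{
    // Bound parameter: the login value never becomes part of the SQL text,
    // so no escaping and no magic-quotes branching is needed.
    $stmt = $db->prepare('SELECT member_id, passwd FROM gmmembers WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The raw password goes straight to password_verify(). It is never
    // escaped first, because escaping changes the bytes being hashed.
    if ($row === false || !password_verify($password, $row['passwd'])) {
        return null;
    }
    return (int) $row['member_id'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gmmembers (
    member_id INTEGER PRIMARY KEY,
    login     TEXT UNIQUE,
    passwd    TEXT
)');

// Registration side: store a salted hash of the raw password (constructed data).
$raw = "it's-a-sample";
$insert = $db->prepare('INSERT INTO gmmembers (login, passwd) VALUES (?, ?)');
$insert->execute(['alice', password_hash($raw, PASSWORD_DEFAULT)]);

// Correct password, wrong password, and a quote-laden login value.
var_dump(verify_login($db, 'alice', $raw));
var_dump(verify_login($db, 'alice', 'wrong'));
var_dump(verify_login($db, "' OR '1'='1", 'x'));

// Why the order of escaping and hashing matters: hashing an escaped copy of a
// password that contains a quote gives a different digest than hashing the
// raw value, so both registration and login must hash the same bytes.
var_dump(sha1($raw) === sha1(addslashes($raw)));
```
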
JCF22Lyoko Posted June 17, 2008

Wow thank you so much! I finally got it to work! Thank you so much. How could I ever repay you?

This topic is now archived and is closed to further replies.