Jump to content


Photo

wont login


  • Please log in to reply
5 replies to this topic

#1 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 09 June 2006 - 12:15 AM

login.php script:

<?php
session_start();


require('../inc/connect.php');

if ($_POST['username']) {
$username=$_POST['username'];
$password=base64_encode($_POST['password']);
if ($password==NULL) {
echo "A password was not supplied";
}else{
$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
echo "The supplied login is incorrect";
}else{
$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$_SESSION["s_username"] = $row['username'];
echo "You have successfully logged in as ".$_SESSION['s_username']." and can go to the index <a href='../index.php'>here</a>.";
}
}
}
?>


register.php script:

<?php

require('../inc/connect.php');

// If the submit button is pushed we continue
if(isset($_POST['submit'])) {

// Set POST form variables
$username = $_POST['username'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$email = $_POST['email'];

// Set normal needed variables
$ip = $_POST['ip'];
$date = $_POST['date'];
$privilege = $_POST['privilege'];

// Check if all fields are full
if($username==NULL || $password==NULL || $cpassword==NULL || $email==NULL) {
echo "All fields marked with a * are required";
} else {

// Check if both passwords entered are matching
if($password!=$cpassword) { 
echo "Passwords do not match.";
} else {

// Encrypt password
$enc_password = base64_encode('$password');

// Insert the post form info into the database
$query1 = "INSERT INTO `users` (`username`, `password`, `email`, `ip`, `date`, `privilege`) VALUES ('$username', '$enc_password', '$email', '$ip', '$date', '$privilege')";
$result1 = mysql_query($query1) or die('Error 003: Could not insert user details into database');
// Error 003 - register.php - Database error...

} // End if for required fields
} // End if for password match
} // End if for submit button

?>


#2 anatak

anatak
  • Members
  • PipPipPip
  • Advanced Member
  • 406 posts
  • LocationJapan, Fukuoka prefecture, Kitakyushu City

Posted 09 June 2006 - 12:22 AM

Do you get any error messages ?
does the script works correctly when you don't supply the correct password ?
(does it echo "The supplied login is incorrect";)

takasi.8008@docomo.ne.jp
tourokum@0508.jp

#3 localhost

localhost
  • Members
  • PipPipPip
  • Advanced Member
  • 152 posts

Posted 09 June 2006 - 12:39 AM

it echoes the supplied login is incorrect when it is correct!

#4 Fyorl

Fyorl
  • Members
  • PipPipPip
  • Advanced Member
  • 273 posts
  • LocationUK

Posted 09 June 2006 - 12:47 AM

I can't see what's wrong, your code looks fine. Try echoing the supplied password and the one from the database and see if they actually match.
[table]



Don't worry, the printer fairies will sort it out.

#5 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 09 June 2006 - 01:43 AM

I'd like to ask, because it is odd, why are you using base64_encode()?

You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.

This should either be a bad practice or evil purposes like be able to know your users' passwords.
~ D Kuang

#6 Fyorl

Fyorl
  • Members
  • PipPipPip
  • Advanced Member
  • 273 posts
  • LocationUK

Posted 09 June 2006 - 02:04 AM

[!--quoteo(post=381684:date=Jun 8 2006, 08:43 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Jun 8 2006, 08:43 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
I'd like to ask, because it is odd, why are you using base64_encode()?

You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.

This should either be a bad practice or evil purposes like be able to know your users' passwords.
[/quote]

It's better than not encrypting them at all, which is what I did back in my first MORPG... oh the naivety
[table]



Don't worry, the printer fairies will sort it out.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users