slapdashgrim Posted August 27, 2008 Share Posted August 27, 2008 i built this script but its not working, can some one tell me why. it only querys when you use username as the username but actual usernames that are in the database wont work. here is the MYSQL table structure INSERT INTO users VALUES (1, 'test', 'pass1', 1); INSERT INTO users VALUES (2, 'slapdash', 'pass1', 1); INSERT INTO users VALUES (3, 'Patrick123', 'pass1', 0); INSERT INTO users VALUES (4, 'TESThha', 'pass1', 0); here is the code of the login handle script. <?php if ($_POST['submit']=='Login'){ $username = $_POST["username"]; $password = $_POST["password"]; //Handle dbmysqlcms(); $query = 'SELECT * FROM users WHERE username ='.$username; if ($r = mysql_query ($query)) { while ($row = mysql_fetch_array ($r)) { $fail=NULL; if ($username == $row['username'] && trim($password) == md5(trim($row['password']))) { $_SESSION['userName'] = $username; $_SESSION['admin'] = $row['admin']; $_SESSION['auth'] = TRUE; header('location: ../index.php'); } if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) { $fail = 1; }//end auth if }//end while }//end query if if ($fail == 1){header('location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));} }?> i dont know what to do ??? ??? please help thankyou Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/ Share on other sites More sharing options...
Ken2k7 Posted August 27, 2008 Share Posted August 27, 2008 <?php session_start(); if ($_POST['submit']=='Login'){ $username = trim($_POST["username"]); $password = trim($_POST["password"]); //Handle dbmysqlcms(); $query = "SELECT * FROM users WHERE username ='" .$username . "'"; if ($r = mysql_query ($query)) { while ($row = mysql_fetch_array ($r)) { $fail=NULL; if ($username == trim($row['username']) && $password == md5(trim($row['password']))) { $_SESSION['userName'] = $username; $_SESSION['admin'] = $row['admin']; $_SESSION['auth'] = TRUE; header('Location: ../index.php'); } if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) { $fail = 1; }//end auth if }//end while }//end query if if ($fail == 1){header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));} }?> Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-626663 Share on other sites More sharing options...
slapdashgrim Posted August 27, 2008 Author Share Posted August 27, 2008 okay so now it querys but it wont enter the while loop Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-626676 Share on other sites More sharing options...
Fadion Posted August 27, 2008 Share Posted August 27, 2008 Without proper indent it's really difficult to debug. I would go this way: <?php session_start(); if(isset($_POST['submit'])){ $username = mysql_real_escape_string(trim($_POST['username'])); $password = md5(trim($_POST['password'])); $results = mysql_query("SELECT username, admin FROM users WHERE username='$username'"); if(mysql_num_rows($results) == 1){ $values = mysql_fetch_array($results); $_SESSION['username'] = $values['username']; $_SESSION['admin'] = $values['admin']; } else{ header('Location: blabla.php'); } } ?> Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-626713 Share on other sites More sharing options...
Ken2k7 Posted August 27, 2008 Share Posted August 27, 2008 okay so now it querys but it wont enter the while loop Do the username and password exist in the database? Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-626717 Share on other sites More sharing options...
Fadion Posted August 27, 2008 Share Posted August 27, 2008 Another question should be: Are the passwords hashed in the database? Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-626719 Share on other sites More sharing options...
slapdashgrim Posted August 28, 2008 Author Share Posted August 28, 2008 thank you but i dont see a part in the script that checks the password. Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-627648 Share on other sites More sharing options...
revraz Posted August 28, 2008 Share Posted August 28, 2008 Ken's code has it if ($username == trim($row['username']) && $password == md5(trim($row['password']))) { Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-627767 Share on other sites More sharing options...
slapdashgrim Posted August 29, 2008 Author Share Posted August 29, 2008 okay i almost have it fixed. it wont get past password authentication now. <?php if ($_POST['submit']=='Login'){ $username = trim($_POST['username']); $password = md5(trim($_POST['password'])); $results = mysql_query("SELECT username, admin, password FROM users WHERE username='$username'"); if(mysql_num_rows($results) == 1){ $values = mysql_fetch_array($results); if ($password == $values['password']){ $_SESSION['userName'] = $values['username']; $_SESSION['admin'] = $values['admin']; $_SESSION['auth'] = TRUE; header('Location: ../index.php'); }else{ header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your Password again, we were unable to log you in.')); } } else{ header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.')); } } ?> Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-629277 Share on other sites More sharing options...
slapdashgrim Posted August 29, 2008 Author Share Posted August 29, 2008 okay i think i figured it out. my mysql data base is limiting the amout of char so the md5 is to long so it looked like this f5d1278e8109edd94e1e4197e04873b9(from input) and f5d1278e8109edd9(from database) Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-629283 Share on other sites More sharing options...
Eggzorcist Posted August 29, 2008 Share Posted August 29, 2008 Jimmy jim, you'll have to extend you're sql limit to 30 for md5 Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-629286 Share on other sites More sharing options...
slapdashgrim Posted August 29, 2008 Author Share Posted August 29, 2008 32 actually =] Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-629297 Share on other sites More sharing options...
Eggzorcist Posted August 29, 2008 Share Posted August 29, 2008 Yep, it was all a trick question. You're good... Link to comment https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-629307 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.