slapdashgrim Posted August 27, 2008

I built this script but it's not working, can someone tell me why. It only queries when you use username as the username, but actual usernames that are in the database won't work.

Here is the MySQL table structure:

```sql
INSERT INTO users VALUES (1, 'test', 'pass1', 1);
INSERT INTO users VALUES (2, 'slapdash', 'pass1', 1);
INSERT INTO users VALUES (3, 'Patrick123', 'pass1', 0);
INSERT INTO users VALUES (4, 'TESThha', 'pass1', 0);
```

Here is the code of the login handle script:

```php
<?php
if ($_POST['submit']=='Login'){
    $username = $_POST["username"];
    $password = $_POST["password"];
    //Handle
    dbmysqlcms();
    $query = 'SELECT * FROM users WHERE username ='.$username;
    if ($r = mysql_query ($query)) {
        while ($row = mysql_fetch_array ($r)) {
            $fail=NULL;
            if ($username == $row['username'] && trim($password) == md5(trim($row['password']))) {
                $_SESSION['userName'] = $username;
                $_SESSION['admin'] = $row['admin'];
                $_SESSION['auth'] = TRUE;
                header('location: ../index.php');
            }
            if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) {
                $fail = 1;
            }//end auth if
        }//end while
    }//end query if
    if ($fail == 1){header('location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));}
}?>
```

I don't know what to do. Please help, thank you.

Ken2k7 Posted August 27, 2008

```php
<?php
session_start();
if ($_POST['submit']=='Login'){
    $username = trim($_POST["username"]);
    $password = trim($_POST["password"]);
    //Handle
    dbmysqlcms();
    $query = "SELECT * FROM users WHERE username ='" .$username . "'";
    if ($r = mysql_query ($query)) {
        while ($row = mysql_fetch_array ($r)) {
            $fail=NULL;
            if ($username == trim($row['username']) && $password == md5(trim($row['password']))) {
                $_SESSION['userName'] = $username;
                $_SESSION['admin'] = $row['admin'];
                $_SESSION['auth'] = TRUE;
                header('Location: ../index.php');
            }
            if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) {
                $fail = 1;
            }//end auth if
        }//end while
    }//end query if
    if ($fail == 1){header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));}
}?>
```

slapdashgrim (Author) Posted August 27, 2008

Okay, so now it queries but it won't enter the while loop.

Fadion Posted August 27, 2008

Without proper indent it's really difficult to debug. I would go this way:

```php
<?php
session_start();
if(isset($_POST['submit'])){
    $username = mysql_real_escape_string(trim($_POST['username']));
    $password = md5(trim($_POST['password']));
    $results = mysql_query("SELECT username, admin FROM users WHERE username='$username'");
    if(mysql_num_rows($results) == 1){
        $values = mysql_fetch_array($results);
        $_SESSION['username'] = $values['username'];
        $_SESSION['admin'] = $values['admin'];
    } else{
        header('Location: blabla.php');
    }
}
?>
```

Ken2k7 Posted August 27, 2008

> okay so now it queries but it won't enter the while loop

Do the username and password exist in the database?

Fadion Posted August 27, 2008

Another question should be: Are the passwords hashed in the database?

slapdashgrim (Author) Posted August 28, 2008

Thank you, but I don't see a part in the script that checks the password.

revraz Posted August 28, 2008

Ken's code has it:

```php
if ($username == trim($row['username']) && $password == md5(trim($row['password']))) {
```

slapdashgrim (Author) Posted August 29, 2008

Okay, I almost have it fixed. It won't get past password authentication now.

```php
<?php
if ($_POST['submit']=='Login'){
    $username = trim($_POST['username']);
    $password = md5(trim($_POST['password']));
    $results = mysql_query("SELECT username, admin, password FROM users WHERE username='$username'");
    if(mysql_num_rows($results) == 1){
        $values = mysql_fetch_array($results);
        if ($password == $values['password']){
            $_SESSION['userName'] = $values['username'];
            $_SESSION['admin'] = $values['admin'];
            $_SESSION['auth'] = TRUE;
            header('Location: ../index.php');
        }else{
            header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your Password again, we were unable to log you in.'));
        }
    } else{
        header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));
    }
}
?>
```

slapdashgrim (Author) Posted August 29, 2008

Okay, I think I figured it out. My MySQL database is limiting the amount of characters, so the md5 is too long. It looked like this:

f5d1278e8109edd94e1e4197e04873b9 (from input)
and
f5d1278e8109edd9 (from database)

Eggzorcist Posted August 29, 2008

Jimmy jim, you'll have to extend your SQL limit to 30 for md5.

slapdashgrim (Author) Posted August 29, 2008

32 actually =]

Eggzorcist Posted August 29, 2008

Yep, it was all a trick question. You're good...

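An added example, not code from any poster in this thread: the same login check written with PDO prepared statements and `password_hash()`/`password_verify()` instead of a string-built query and MD5, plus a check that reports a stored hash cut short by a too-narrow column (the failure found above). It assumes PHP 7.1+ with the `pdo_sqlite` extension; the in-memory SQLite table stands in for the MySQL `users` table, and `add_user()`, `login()` and the sample rows are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for the thread's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// In MySQL, declare password as VARCHAR(255) so no hash is ever cut short.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT NOT NULL, admin INTEGER NOT NULL DEFAULT 0)');

// Hypothetical helper: $cutTo simulates a password column that is too narrow.
function add_user(PDO $db, string $user, string $pass, int $admin, ?int $cutTo = null): void
{
    $hash = password_hash($pass, PASSWORD_BCRYPT);   // salted, 60 characters
    if ($cutTo !== null) {
        $hash = substr($hash, 0, $cutTo);
    }
    $db->prepare('INSERT INTO users (username, password, admin) VALUES (?, ?, ?)')
       ->execute([$user, $hash, $admin]);
}

// Hypothetical helper: returns the session fields on success, null on failure.
function login(PDO $db, string $user, string $pass): ?array
{
    // The username is bound as a parameter, never pasted into the SQL text.
    $stmt = $db->prepare('SELECT username, password, admin FROM users WHERE username = ?');
    $stmt->execute([trim($user)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // A truncated hash is not recognised as any algorithm: log it, do not fail silently.
    if (empty(password_get_info($row['password'])['algo'])) {
        error_log("stored hash for '{$row['username']}' is malformed (column too short?)");
        return null;
    }
    if (!password_verify($pass, $row['password'])) {
        return null;
    }
    return ['userName' => $row['username'], 'admin' => (int) $row['admin'], 'auth' => true];
}

// Constructed sample rows.
add_user($db, 'slapdash', 'pass1', 1);
add_user($db, "O'Neil", 'pass1', 0);         // quote in the name is plain data
add_user($db, 'Patrick123', 'pass1', 0, 16); // hash cut to 16 characters

var_dump(login($db, 'slapdash', 'pass1'));   // correct password
var_dump(login($db, "O'Neil", 'pass1'));     // apostrophe does not break the query
var_dump(login($db, 'slapdash', 'wrong'));   // wrong password
var_dump(login($db, 'Patrick123', 'pass1')); // truncated hash is reported
```

In a web handler, call `session_regenerate_id(true)` before copying the returned fields into `$_SESSION`, and `exit;` after each `header('Location: ...')` redirect.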