jrws Posted September 8, 2008

```php
<?php
include_once('functions.php');
if(isset($_POST['submit'])){
    $username = protect($_POST['user']);
    $password = protect(encrypt($_POST['password']));
    $query = "SELECT username, password,u_LV FROM user WHERE username ='$username' AND password = '$password' AND u_lv BETWEEN 1 AND 6";
    $result = mysql_query($query)or die("Error, please contact staff. $bugE");
    if(mysql_num_rows($result)>0){
        Header("Location: logged_in.php");
    } else {
        //Failed login, give error message.
        echo "<div align=center><b>Oops! Your login is wrong. Please try again.</b></div>";
    }
}
close(); //Close Database
?>
```

Alright, that's the code, now the problem. I am not sure but I think it is in the SQL syntax. So what should happen is this:

user+password = login check;
login check = query database, see if username and password match or even exist AND their user level is 1 to 6 (1 = activated, gets progressively higher in user stats, i.e. 6 = admin).
IF login check fails (username/password don't match OR user not 1-6) give error message.
Else log in the user.

So that's what should happen, but what is happening is that no matter what, login check fails and gives the error message

```php
echo "<div align=center><b>Oops! Your login is wrong. Please try again.</b></div>";
```

What I want to know is what the problem is, and how I can fix it and identify it in the future, as I am sure you guys get tired of solving code for newbies/dunces like me.

Adam Posted September 8, 2008

What happens in the "protect" function? Try printing out the username and password variables... What is actually printed out when you try and log in? Need a little bit more information..

toivo Posted September 8, 2008

You refer to one of the columns as u_LV and u_lv. The identifiers are not case sensitive under Windows or Mac OS X but if your MySQL server runs under Unix/Linux, they are different identifiers and cause your query to fail.

jrws (Author) Posted September 8, 2008

```php
//Encrypts user password or a string, can be used for the activation code.
function encrypt($string){
    $string=md5(sha1(md5(sha1($string))));
    return $string;
}

//Sanitizes user input
function protect($string) {
    if (get_magic_quotes_gpc()) { //Check if magic_quotes is enabled
        $string = stripslashes($string);
    }
    $string = mysql_real_escape_string($string); //escape harmful characters
    $string = strip_tags($string); //remove HTML tags
    return trim($string); //Shorten string and return it
}
```

2. Well, I just tried what you suggested about the username and password. No matter what the password, the outcome is always: e8555537f6031e44c5c6937a3d62956a

3.

```php
echo "<div align=center><b>Oops! Your login is wrong. Please try again.</b></div>";
```

jrws (Author) Posted September 8, 2008

I am testing on a Windows machine, but I will edit, thanks.

Adam Posted September 8, 2008

Perhaps it's using..

```php
$string=md5(sha1(md5(sha1($string))));
```

Can't imagine that's necessary anyway? md5 does the trick...

revraz Posted September 8, 2008

Lol that is a lot of hashing.

jrws (Author) Posted September 8, 2008

Indeed it is, I was just thinking to use md5 + a salt, but I thought, just try it with sha1 as well.

@MrAdam I don't think it is, because I have another test, but it doesn't search for user level, it just looks for username and password, and it works.

revraz Posted September 8, 2008

This is what I would try. Drop your protect and encrypt functions. Use a single MD5 or SHA1 to store a new PW and use the same to retrieve it.

jrws (Author) Posted September 8, 2008

Alright, I will try that. It worked, so now do I add the protect function (for injection attacks)?

-edit- Thanks guys, you have given me an idea for future debugs.
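
The login check from this thread, written with a bound query parameter and `password_hash()`/`password_verify()`, as an added example that is not code from any of the posters: it swaps in PDO prepared statements for the `mysql_*` calls and `protect()`, and a salted password hash for the `md5`/`sha1` chain. It assumes PHP 7+ with the PDO SQLite driver; the in-memory database, the sample accounts and the meaning of level 0 are constructed for the demo.

```php
<?php
// Added example. Table and column names (user, username, password, u_lv) follow
// the thread; the in-memory SQLite database and the accounts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, u_lv INTEGER)');

// Registration side: store a salted, deliberately slow hash of the raw password.
// The password is not escaped, tag-stripped or trimmed first, so the value that
// is hashed here is exactly the value that is verified at login.
function register(PDO $db, string $username, string $password, int $level): void
{
    $stmt = $db->prepare('INSERT INTO user (username, password, u_lv) VALUES (?, ?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $level]);
}

// Login side: the username travels as a bound parameter, so it cannot change the
// structure of the query, and the password never appears in the SQL text at all.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT password FROM user WHERE username = ? AND u_lv BETWEEN 1 AND 6'
    );
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when there is no matching active user

    // password_verify() reads the salt and cost from the stored hash and
    // compares in constant time.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample accounts; level 0 is assumed here to mean "not activated".
register($db, 'alice', "pa<b>ss' word ", 1);
register($db, 'bob', 'hunter2', 0);

var_dump(checkLogin($db, 'alice', "pa<b>ss' word "));  // exact password, quote and tag intact
var_dump(checkLogin($db, 'alice', 'pass word'));       // what a strip_tags()/trim() pass would leave
var_dump(checkLogin($db, 'bob', 'hunter2'));           // right password, level outside 1-6
var_dump(checkLogin($db, "' OR '1'='1", 'x'));         // injection string treated as a plain username
```

Because each stored hash carries its own random salt, two users with the same password get different values in the `password` column, which is why the comparison is done with `password_verify()` in PHP and not with `AND password = ...` in the query.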