PGTibs Posted February 8, 2009

You may have seen an earlier post like this one, however this is a different problem. I have this page...

```php
<?php
session_start();
include 'config.php';

if($_GET['login'] == "login") {
    $user1_post = addslashes($_POST["username_post"]);
    $pass1_post = addslashes($_POST["password_post"]);
    $pass1_post = md5($pass1_post);

    if($user1_post == "" or $pass1_post == "") {
        echo "<b>Error: You Did Not Enter A Password</b>";
        exit;
    }

    list($user) = mysql_fetch_array(mysql_query("SELECT `ID` FROM `clients` WHERE ID='$user1_post'"));
    list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `clients` WHERE password='$pass1_post'"));

    if($user1_post == "$user" and $pass1_post == "$pass") {
        $sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass'");
        if(mysql_num_rows($sql)!= 1) {
            exit;
        }
        $result = mysql_fetch_array($sql);
        $_SESSION['session_username'] = $result['ID'];
        $_SESSION['session_level'] = $result['level'];
        $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
        $ID = $result["ID"];
        echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        exit;
    } else {
        echo "<b><u>Error: The Password You Entered Is Incorrect<br></u></b>";
    }
}
?>
<head>
<style>
.submitbut { position: absolute; top: 20px; left:350px; }
</style>
</head>
<body>
<font face="verdana" size="1"><b><a href="addclients.php" target="content">Click Here To Add Clients</a> | <a href="removeclients.php" target="content">Click Here To Remove Clients</a>
<br><br>
<?
$query = mysql_query("SELECT * FROM `clients` ORDER BY `ID` DESC");
while($result = mysql_fetch_array($query)) {
    $male = $result["ClientMale"];
    $female = $result["ClientFemale"];
    $agem = $result["ClientAgem"];
    $agef = $result["ClientAgef"];
    $town = $result["ClientTown"];
    $street = $result["ClientStreet"];
    $post = $result["ClientPost"];
    $num = $result["ClientNumber"];
    $budget = $result["ClientBudget"];
    $time = $result["ClientTime"];
    $loc = $result["ClientLoc"];
    $notes = $result["ClientNotes"];
    $email = $result["ClientEmail"];
    $flo = $result["ClientFlo"];
    $pho = $result["ClientPho"];
    $recven = $result["ClientRecven"];
    $tran = $result["ClientTran"];
    $travg = $result["ClientTravg"];
    $travh = $result["ClientTravh"];
    $hair = $result["ClientHair"];
    $make = $result["ClientMake"];
    $out = $result["ClientOut"];
    $cat = $result["ClientCat"];
    $enter = $result["ClientEnter"];
    $con = $result["ClientCon"];
    $ID = $result["ID"];
    $action = $_GET["action"];
    $budgetu = $_POST["budgetu"];
    $timeu = $_POST["time2"];
    $locu = $_POST["loc2"];
    $notesu = $_POST["notes2"];

    echo "<div class='info'><table width='100%' border='0' bgcolor='#ffccff' style='border-color: #000000; border-width: 1px; border-style: solid;'>
    <td colspan=2>
    <form action='clients.php?login=login' method='POST'>
    <B><font face=verdana size=1><u>(ID:<input size='1' type='username' name='username_post' value='$ID' style='font-family: Verdana; font-size: 10px; color: #000000;'>) $male & $female</u>   <input type='password' name='password_post' size='14' style='font-family: Verdana; font-size: 10px; color: #000000;'>
    <input type='submit' name='myclicker' style='font-size: 10px; font-family: verdana;' value='(More)'></form>
    </td></td>
    <tr>
    <td colspan='2' valign='top'><font face=verdana size=1>
    <b>Male Age:</b> $agem<br>
    <b>Female Age:</b> $agef<br>
    </tr>
    <tr>
    <td><font face=verdana size=1><b>Located At:</b> $town.<br>
    </tr>
    </table></div>";

    if($action == "edit$ID") {
        echo "<div class='info' style='font-family: verdana; border-color: #000000; border-width: 1px; border-style: solid;'>
        <b> <u>(ID:$ID) $male & $female</b></u><br>
        <table cellspacing='0' cellborder='0' border='0' width='80%'>
        <tr style='background: pink;'>
        <td><font face=verdana size=1><b>Located At:<br></b> <B>Contact Number:</b><br> <B>Contact Email:</b><br></color></td>
        <td><font face='verdana' size='1'> $street, $town, $post<br> $num<Br> $email<br></td>
        </tr>
        <tr> <td width='20%'> <font face='verdana' size='1' style='text-decoration: underline;'>Budget:</td><td><font face='verdana' size='1'> $budget</td></tr>
        <tr style='background: pink;'> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Planned Wedding Time & Date:</td><td><font face='verdana' size='1'> $time</td></tr>
        <tr> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Planned Wedding Location:</td><td><font face='verdana' size='1'> $loc</td></tr>
        <tr style='background: pink;'> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Florists:</td><td><font face='verdana' size='1'> $flo</td></tr>
        <tr> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Photographer:</td><td><font face='verdana' size='1'> $pho</td></tr>
        <tr style='background: pink;'> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Reception Venue:</td><td><font face='verdana' size='1'> $recven</td></tr>
        <tr> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Transport:</td><td><font face='verdana' size='1'> $tran</td></tr>
        <tr style='background: pink;'> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Travel (Guests):</td><td><font face='verdana' size='1'> $travg</td></tr>
        <tr> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Travel (Honeymoon):</td><td><font face='verdana' size='1'> $travh</td></tr>
        <tr style='background: pink;'> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Hair:</td><td><font face='verdana' size='1'> $hair</td></tr>
        <tr> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Makeup:</td><td><font face='verdana' size='1'> $make</td></tr>
        <tr style='background: pink;'> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Outfits:</td><td><font face='verdana' size='1'> $out</td></tr>
        <tr> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Caterer:</td><td><font face='verdana' size='1'> $cat</td></tr>
        <tr style='background: pink;'> <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Entertainment:</td><td><font face='verdana' size='1'> $enter</td></tr>
        <tr> <td width='20%' valign='top'><div style='word-break:normal;word-wrap:break-word;'><font face='verdana' size='1' style='text-decoration: underline;'>Contingency Plans:</font><br></td>
        <td width='60%'><font face='verdana' size='1'>$con </font></div></td></tr>
        <tr style='background: pink;'> <td width='20%' valign='top'><div style='word-break:normal;word-wrap:break-word;'><font face='verdana' size='1' style='text-decoration: underline;'>Notes:</font><br></td>
        <td width='60%'><font face='verdana' size='1'>$notes </font></div></td></tr></table></font>
        <br>
        <div align='right'><font face='verdana' size='1' style='text-decoration: underline;'><a href='clients.php' target='content'>(Hide)</a><br><a href='clientedit.php?action=edit$ID' target='content'>(Edit)</a></div></font></div>
        </div>" ;
    }
}
mysql_close($ms);
?>
```

and when I run it everything works, however, when you enter a password, no matter if it's wrong or right the page displays the incorrect password message and nothing else. I can't see the problem with it and the password information is in the database. Can anyone else see the problem?

premiso Posted February 8, 2009

addslashes is going to be deprecated, it is better to use mysql_real_escape_string to escape data. For the password, you do not need addslashes, since you are converting it to MD5. Although if you started doing that, you should keep doing that, I would suggest changing it however.

Why not do one query to pull out the username? WHERE ID = ID AND password = password; there is no need to pull them both out separately. Basically remove those two single mysql's and just use the $sql = select from clients, if the num_rows of that return > 0 then you have a valid user. You are doing redundant, unnecessary checking.

As for why the password is bad, no clue, how is it being entered into the DB? If you are adding slashes here and not when entering it, that could cause issues. Also MD5 will be case sensitive.

One final suggestion, properly indent your code. It will make it a ton easier to debug it.

PGTibs (Author) Posted February 8, 2009

Ok so basically, I pulled the password script out of another page so I don't fully understand why the hell it's doing the username and password thing twice. As for adding the password to the database, it's just a simple form.

```html
<input type='text' name='password' class='button' size='25'>
```

```php
include ("config.php");

if(!$ClientMale || !$password) {
    echo "<br><br><b>You must enter a username and password!</b>";
    exit;
}

$password = md5($password);
$add = mysql_query("INSERT INTO `clients` (`password`) VALUES ('$password')");
```

That piece of coding has been cut down from the full page but it's basically all it uses. I like the comments you made but since it was working alright not that long ago I don't see why changing them should make much difference?

PGTibs (Author) Posted February 8, 2009

EDIT FROM ABOVE

Is this what you meant?

```php
<?php
session_start();
include 'config.php';

if($_GET['login'] == "login") {
    $user1_post = addslashes($_POST["username_post"]);
    $pass1_post = addslashes($_POST["password_post"]);
    $pass1_post = md5($pass1_post);

    if($user1_post == "" or $pass1_post == "") {
        echo "<b>Error: You Did Not Enter A Password</b>";
        exit;
    }

    if($user1_post == "$user" and $pass1_post == "$pass") {
        $sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass'");
        if(mysql_num_rows($sql)!= 0) {
            exit;
        }
        $result = mysql_fetch_array($sql);
        $_SESSION['session_username'] = $result['ID'];
        $_SESSION['session_level'] = $result['level'];
        $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
        $ID = $result["ID"];
        echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        exit;
    } else {
        echo "<b><u>Error: The Password You Entered Is Incorrect<br></u></b>";
    }
}
?>
```

wildteen88 Posted February 8, 2009

As you have changed your code the highlighted lines below are not needed

```php
<?php
session_start();
include 'config.php';

if($_GET['login'] == "login") {
    $user1_post = addslashes($_POST["username_post"]);
    $pass1_post = addslashes($_POST["password_post"]);
    $pass1_post = md5($pass1_post);

    if($user1_post == "" or $pass1_post == "") {
        echo "<b>Error: You Did Not Enter A Password</b>";
        exit;
    }

    if($user1_post == "$user" and $pass1_post == "$pass") {
        $sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass'");
        if(mysql_num_rows($sql)!= 0) {
            exit;
        }
        $result = mysql_fetch_array($sql);
        $_SESSION['session_username'] = $result['ID'];
        $_SESSION['session_level'] = $result['level'];
        $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
        $ID = $result["ID"];
        echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        exit;
    } else {
        echo "<b><u>Error: The Password You Entered Is Incorrect<br></u></b>";
    }
}
?>
```

However your code can be much cleaner still.

EDIT Clean code

```php
<?php
session_start();
include 'config.php';

if(isset($_GET['login']) && $_GET['login'] == "login") {
    if(!isset($_POST['username_post'], $_POST['password_post'])) {
        echo "<b>Error: Username and password required for login</b>";
        exit;
    }

    $user = mysql_real_escape_string($_POST["username_post"]);
    // the password will not need to be `escaped` as md5 only returns a 32bit encrypted alphanumeric string (letters and digits).
    $pass = md5($_POST["password_post"]);

    $sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass' LIMIT 1");
    if(mysql_num_rows($sql) == 1) {
        $result = mysql_fetch_assoc($sql);
        $ID = $result["ID"];
        $_SESSION['session_username'] = $ID;
        $_SESSION['session_level'] = $result['level'];
        $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
        echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        exit;
    } else {
        echo "<b><u>Error: The Username/Password Incorrect<br></u></b>";
    }
}
?>
```

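An added example, not part of any post in this thread: the login check discussed above rewritten with bound parameters instead of escaped string interpolation, and with password_hash()/password_verify() in place of md5(), accepting a row that still holds an md5 digest once and re-hashing it on that login. It assumes PDO with an in-memory SQLite table standing in for the thread's MySQL `clients` table; add_client() and check_login() are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the SQLite
// driver is available, and the in-memory table below stands in for `clients`.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clients (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    ClientMale TEXT,
    password TEXT NOT NULL)');

/** Store a new client with a salted, slow hash instead of md5(). */
function add_client(PDO $pdo, string $name, string $password): int
{
    $stmt = $pdo->prepare('INSERT INTO clients (ClientMale, password) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
    return (int) $pdo->lastInsertId();
}

/**
 * Check an ID/password pair; returns the client row on success, null otherwise.
 * A row that still holds a legacy 32-character md5 hex digest is accepted once
 * and immediately re-hashed with password_hash().
 */
function check_login(PDO $pdo, string $id, string $password): ?array
{
    if (!ctype_digit($id)) {            // ID is an integer column; reject anything else
        return null;
    }
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT ID, ClientMale, password FROM clients WHERE ID = ?');
    $stmt->execute([(int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    $stored = (string) $row['password'];
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;

    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($password))      // constant-time comparison
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }

    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE clients SET password = ? WHERE ID = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['ID']]);
    }
    unset($row['password']);            // never hand the hash back to page code
    return $row;
}

// Constructed sample data: one new-style account and one legacy md5 account.
$newId = add_client($pdo, 'Rob', 'test');
$pdo->prepare('INSERT INTO clients (ClientMale, password) VALUES (?, ?)')
    ->execute(['Legacy', md5('test')]);
$legacyId = (int) $pdo->lastInsertId();

var_dump(check_login($pdo, (string) $newId, 'test') !== null);     // correct password
var_dump(check_login($pdo, (string) $newId, 'wrong') !== null);    // wrong password
var_dump(check_login($pdo, "1' OR '1'='1", 'test') !== null);      // non-numeric ID
var_dump(check_login($pdo, (string) $legacyId, 'test') !== null);  // legacy row, upgraded

// After the legacy login the stored value is no longer a bare md5 digest.
$check = $pdo->prepare('SELECT password FROM clients WHERE ID = ?');
$check->execute([$legacyId]);
var_dump(preg_match('/^[0-9a-f]{32}$/', (string) $check->fetchColumn()) === 0);
```

In the page itself, a successful check_login() would be followed by session_regenerate_id(true) before the $_SESSION values are set.
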
PGTibs (Author) Posted February 8, 2009

Thanks for that, so now it's cleaner but it still doesn't work. It still says the password is incorrect when it clearly isn't? I don't see the problem, the SQL instruction to add the table to the database is...

```sql
CREATE TABLE IF NOT EXISTS `clients` (
  `ID` int(11) NOT NULL auto_increment,
  `ClientMale` text NOT NULL,
  `ClientFemale` text NOT NULL,
  `NoticeDAT` text NOT NULL,
  `IP` int(11) NOT NULL default '0',
  `ClientAgem` text NOT NULL,
  `ClientAgef` text NOT NULL,
  `ClientStreet` text NOT NULL,
  `ClientTown` text NOT NULL,
  `ClientPost` text NOT NULL,
  `ClientNumber` text NOT NULL,
  `ClientNotes` text NOT NULL,
  `ClientBudget` text NOT NULL,
  `ClientLoc` text NOT NULL,
  `ClientTime` text NOT NULL,
  `ClientEmail` text NOT NULL,
  `ClientFlo` text NOT NULL,
  `ClientPho` text NOT NULL,
  `ClientRecven` text NOT NULL,
  `ClientTran` text NOT NULL,
  `ClientTravg` text NOT NULL,
  `ClientTravh` text NOT NULL,
  `ClientHair` text NOT NULL,
  `ClientMake` text NOT NULL,
  `ClientOut` text NOT NULL,
  `ClientCat` text NOT NULL,
  `ClientEnter` text NOT NULL,
  `ClientCon` text NOT NULL,
  `password` text NOT NULL,
  UNIQUE KEY `id` (`id`),
  PRIMARY KEY (`ID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
```

So the login just uses the password and the ID. I don't have a clue why this isn't working?

wildteen88 Posted February 8, 2009

I think you need to set up a field in your table to hold the usernames. Currently you're comparing the username the user enters to the ID field in your table. Is this how it's supposed to be?

PGTibs (Author) Posted February 8, 2009

Basically, the reason they have IDs is for usernames, because the database holds the male and female name it's easier to use the ID number as the login names. Which is why the username is $ID. Make sense?

wildteen88 Posted February 8, 2009

So the user has to enter his/her ID into the Username field? For example 11024. If so then your code should work.

EDIT: Whose code are you using? My cleaned up version or your current code here. If you're using the code from that post then I just noticed something, this line:

```php
if(mysql_num_rows($sql)!= 0) { exit; }
```

will cause your script to stop if the username/password do match. You should change != 0 to == 0

PGTibs (Author) Posted February 8, 2009

I'm now using your cleaned up version and it still isn't working. If you read the rest of the original page it actually has a box that already contains the user ID so they just enter the pass but basically yes. I'll have a go with another client but I doubt it'll work.

wildteen88 Posted February 8, 2009

No need for that. We just got to debug your script. How are you storing your passwords in your database? Are they plain text or encrypted? If they're plain text then your script will not work as your login script is encrypting the user's password and comparing it to a non-encrypted password in the database. All you need to fix it is encrypt the passwords in your database which can be achieved simply

PGTibs (Author) Posted February 8, 2009

The passwords are encrypted, always felt it's safer. It's all how it should be, as I said, earlier on it was working fine. It's just stopped working now that I've added more to the part that appears when you log in.

wildteen88 Posted February 8, 2009

We'll try debugging your script

```php
<?php
session_start();
include 'config.php';

if(isset($_GET['login']) && $_GET['login'] == "login") {
    echo 'Attempting login...<br />';

    if(!isset($_POST['username_post'], $_POST['password_post'])) {
        echo "<b>Error: Username and password required for login</b>";
        exit;
    }

    echo 'Username/Password provided...<br />';
    echo '<pre>$_POST data:<br />'.print_r($_POST, true).'</pre>';

    echo 'User: ' . $_POST["username_post"] . '<br />';
    $user = mysql_real_escape_string($_POST["username_post"]);

    echo 'Password: '.$_POST["password_post"] .'<br />';
    echo 'MD5 Password... ';
    // the password will not need to be `escaped` as md5 only returns a 32bit encrypted alphanumeric string (letters and digits).
    $pass = md5($_POST["password_post"]);
    echo $pass.'<br />';

    echo 'Perform query... ';
    $qry = "SELECT * FROM `clients` WHERE ID='$user' AND password='$pass' LIMIT 1";
    echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';
    $sql = mysql_query($qry);
    echo '<br />Query succesfully executed<br />';

    echo 'Results:';
    if(mysql_num_rows($sql) == 1) {
        $result = mysql_fetch_assoc($sql);
        echo '<pre>'.print_r($result, true).'</pre>';

        $ID = $result["ID"];
        $_SESSION['session_username'] = $ID;
        $_SESSION['session_level'] = $result['level'];
        $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];

        // Disabled redirect
        //echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        //exit;
        echo "Redirect disabled, click to <a href=\"clients.php?action=edit$ID\">Continue...</a>";
    } else {
        echo "<b><u>Error: The Username/Password Incorrect<br></u></b>";

        /* DEBUGGING */
        echo 'OK lets debug it!.<br />';
        echo 'Perform query... ';
        $qry = "SELECT * FROM `clients` WHERE ID='$user'";
        echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';
        $sql = mysql_query($qry);
        echo '<br />Query succesfully executed<br />';

        echo 'There are '.mysql_num_rows($sql).' with the ID `'.$user.'`<br />';
        echo 'Results:';
        if(mysql_num_rows($sql) == 1) {
            $result = mysql_fetch_assoc($sql);
            echo '<pre>'.print_r($result, true).'</pre>';

            echo 'Comparing password... ';
            if($result['password'] == $pass)
                echo 'OK';
            else {
                echo 'FAIL';
                echo '<br />'.$pass.' ($pass) '.strlen($pass).'<br />'.$result['password'].'($result[password]) '.strlen($result['password']);
            }
        }
    }
}
?>
```

All I've done is added some echo statements which just spit out messages so we know what's going on while the script executes. Post the results here when done.

Q695 Posted February 8, 2009

There is a major flaw with MD5: http://www.insidetech.com/news/articles/3669-hackers-break-ssl-certificates-impersonate-ca?referral=IT_nlet_20090107

PGTibs (Author) Posted February 8, 2009

Well I tried

```php
<?php
session_start();
include 'config.php';

if(isset($_GET['login']) && $_GET['login'] == "login") {
    echo 'Attempting login...<br />';

    if(!isset($_POST['username_post'], $_POST['password_post'])) {
        echo "<b>Error: Username and password required for login</b>";
        exit;
    }

    echo 'Username/Password provided...<br />';
    echo '<pre>$_POST data:<br />'.print_r($_POST, true).'</pre>';

    echo 'User: ' . $_POST["username_post"] . '<br />';
    $user = mysql_real_escape_string($_POST["username_post"]);

    echo 'Password: '.$_POST["password_post"] .'<br />';
    echo 'MD5 Password... ';
    // the password will not need to be `escaped` as md5 only returns a 32bit encrypted alphanumeric string (letters and digits).
    $pass = md5($_POST["password_post"]);
    echo $pass.'<br />';

    echo 'Perform query... ';
    $qry = "SELECT * FROM `clients` WHERE ID='$user' AND password='$pass' LIMIT 1";
    echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';
    $sql = mysql_query($qry);
    echo '<br />Query succesfully executed<br />';

    echo 'Results:';
    if(mysql_num_rows($sql) == 1) {
        $result = mysql_fetch_assoc($sql);
        echo '<pre>'.print_r($result, true).'</pre>';

        $ID = $result["ID"];
        $_SESSION['session_username'] = $ID;
        $_SESSION['session_level'] = $result['level'];
        $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];

        // Disabled redirect
        //echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        //exit;
        echo "Redirect disabled, click to <a href=\"clients.php?action=edit$ID\">Continue...</a>";
    } else {
        echo "<b><u>Error: The Username/Password Incorrect<br></u></b>";

        /* DEBUGGING */
        echo 'OK lets debug it!.<br />';
        echo 'Perform query... ';
        $qry = "SELECT * FROM `clients` WHERE ID='$user'";
        echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';
        $sql = mysql_query($qry);
        echo '<br />Query succesfully executed<br />';

        echo 'There are '.mysql_num_rows($sql).' with the ID `'.$user.'`<br />';
        echo 'Results:';
        if(mysql_num_rows($sql) == 1) {
            $result = mysql_fetch_assoc($sql);
            echo '<pre>'.print_r($result, true).'</pre>';

            echo 'Comparing password... ';
            if($result['password'] == $pass)
                echo 'OK';
            else {
                echo 'FAIL';
                echo '<br />'.$pass.' ($pass) '.strlen($pass).'<br />'.$result['password'].'($result[password]) '.strlen($result['password']);
            }
        }
    }
}
?>
```

And on refreshing the page it gave...

```
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\xampp\panel\clients.php:1) in C:\xampp\htdocs\xampp\panel\clients.php on line 2
```

It doesn't matter if it's hackable, it's being used offline with XAMPP running.

wildteen88 Posted February 8, 2009

First check to see if there is nothing before the opening <?php tag. If there is nothing there then this error is normally caused because you're saving the file with UTF-8 encoding. Either save it as ANSI or UTF-8 without BOM; these options should be available within your text editor's save dialog.

PGTibs (Author) Posted February 8, 2009

Oh right, so I checked it and stupid me left in a < at the start -feels thick

So I ran the script and got this...

```
Attempting login...
Username/Password provided...
$_POST data:
Array
(
    [username_post] => 1
    [password_post] => test
    [myclicker] => (More)
)
User: 1
Password: test
MD5 Password... 098f6bcd4621d373cade4e832627b4f6
Perform query...
SELECT * FROM `clients` WHERE ID='1' AND password='098f6bcd4621d373cade4e832627b4f6' LIMIT 1

Query succesfully executed
Results:Error: The Username/Password Incorrect
OK lets debug it!.
Perform query...
SELECT * FROM `clients` WHERE ID='1'

Query succesfully executed
There are 1 with the ID `1`
Results:
Array
(
    [ID] => 1
    [ClientMale] => Rob
    [ClientFemale] => Eileen
    [NoticeDAT] =>
    [IP] => 0
    [ClientAgem] => 49
    [ClientAgef] => 51
    [ClientStreet] => 33 Eastville
    [ClientTown] => Yeovil
    [ClientPost] => BA21 4JD
    [ClientNumber] => 01935434962
    [ClientNotes] => notes
    [ClientBudget] => budget
    [ClientLoc] => location
    [ClientTime] => time&date
    [ClientEmail] => N.A
    [ClientFlo] => Flourists info
    [ClientPho] => photo info
    [ClientRecven] => reception info
    [ClientTran] => transport info
    [ClientTravg] => travel guests
    [ClientTravh] => travel honeymoon
    [ClientHair] => hair
    [ClientMake] => makeup
    [ClientOut] => outfit
    [ClientCat] => caterer
    [ClientEnter] => entertainment
    [ClientCon] => contingency
    [password] => 44c7d73a1fa98c2302f2de67bd80ce95
)
Comparing password... FAIL
098f6bcd4621d373cade4e832627b4f6 ($pass) 32
44c7d73a1fa98c2302f2de67bd80ce95($result[password]) 32
```

wildteen88 Posted February 8, 2009

Ok the passwords differ. The md5 for the password you used is 098f6bcd4621d373cade4e832627b4f6 however the encrypted password in your database is 44c7d73a1fa98c2302f2de67bd80ce95 which is completely different and thus your login is failing.

Are you using the correct password for user ID 1? How do you insert users into the clients table? Post your code here. The login script is working correctly, it's now to do with the data in your database that is wrong.

PGTibs (Author) Posted February 8, 2009

I'm certain I'm using the right password, I've only used test for these passwords. The password etc. is being added using the addclients.php page...

addclients.php

```php
<?
session_start();
include 'config.php';
include 'online.php';

$ip = $_SERVER['REMOTE_ADDR']; //get the ip of the current user
if(!isset($_SESSION['session_username']) || empty($_SESSION['session_username']) || $ip!= $_SESSION['session_ip']) {
    //if the username is not set or the session username is empty or the ip does not match the session ip log them out
    session_unset(); //clears firefox
    session_destroy(); //clears IE
    echo "ERROR!!!";
    exit;
}
?>
<a href="clients.php"><<< Back</a><br><br>
<table width="100%" background="../../images/header.PNG">
<tr><td>
<font face="Verdana" size="1"><b>Add A Client</b></font>
</td></tr></table><font size="1" face="Verdana"><p>From here you can add a new client to the clients list. Just fill in the simple form below.
<?
$IP = "$REMOTE_ADDR";
$date = date("d/m/y");
$action = $_GET["action"];
$ClientMale = $_POST["ClientMale"];
$ClientFemale = $_POST["ClientFemale"];
$ClientAgem = $_POST["ClientAgem"];
$ClientAgef = $_POST["ClientAgef"];
$ClientStreet = $_POST["ClientStreet"];
$ClientTown = $_POST["ClientTown"];
$ClientPost = $_POST["ClientPost"];
$ClientNumber = $_POST["ClientNumber"];
$NoticeDAT = $_POST["NoticeDAT"];
$ClientBudget = $_POST["ClientBudget"];
$ClientLoc = $_POST["ClientLoc"];
$ClientTime = $_POST["ClientTime"];
$ClientEmail = $_POST["ClientEmail"];
$password = $_POST["password"];

if($action == "add") {
    include ("config.php");

    if(!$ClientMale || !$password) {
        echo "<br><br><b>You must enter a username and password!</b>";
        exit;
    }

    $password = md5($password);
    $add = mysql_query("INSERT INTO `clients` (
        `ClientMale`, `ClientFemale`, `ClientAgem`, `ClientAgef`, `NoticeDAT`,
        `ClientStreet`, `ClientTown`, `ClientPost`, `ClientNumber`, `ClientBudget`,
        `ClientLoc`, `ClientTime`, `ClientEmail`, `password`)
        VALUES ('$ClientMale', '$ClientFemale', '$ClientAgem', '$ClientAgef', '$NoticeDAT',
        '$ClientStreet', '$ClientTown', '$ClientPost', '$ClientNumber', '$ClientBudget',
        '$ClientLoc', '$ClientTime', '$ClientEmail', '$password')");
    echo "<br><Br><b>The clients has been added to the clients list.</b>";
} else {
    echo "<form method='post' action='addclients.php?action=add'>
    <table border=\"0\" cellpadding=\"2\" cellspacing=\"5\">
    <tr><td><font face=\"Verdana\" size=\"1\">Male Client:</td><td valign='top'><input type='text' name='ClientMale' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientMale' value='N.A' disabled> <b>Required!</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Female Client::</td><td><input type='text' name='ClientFemale' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientFemale' value='N.A' disabled> <b>Required!</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Male Client Age:</td><td><input type='text' name='ClientAgem' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientAgem' value='N.A'> <b>N/A</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Female Client Age:</td><td><input type='text' name='ClientAgef' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientAgef' value='N.A'> <b>N/A</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Contact Email:</td><td><input type='text' name='ClientEmail' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientEmail' value='N.A'> <b>N/A</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Client Password:</td><td><input type='text' name='password' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Street Name:</td><td><input type='text' name='ClientStreet' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='$password' disabled> <b>Required!</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Town Name:</td><td><input type='text' name='ClientTown' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Postcode:</td><td><input type='text' name='ClientPost' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Contact Number:</td><td><input type='text' name='ClientNumber' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Budget:</td><td><input type='text' name='ClientBudget' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A'> <b>N/A</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Wedding Location:</td><td><input type='text' name='ClientLoc' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A'> <b>N/A</b></td></tr>
    <tr><td><font face=\"Verdana\" size=\"1\">Wedding Date And Time:</td><td><input type='text' name='ClientTime' class='button' size='25'> <font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A'> <b>N/A</b></td></tr>
    <tr><td></td><td><input type='submit' name='submit' value='Submit'></td></tr>
    </form>";
}
?>
</P></font>
</font></font></font></font></font>
```

wildteen88 Posted February 8, 2009

Okay try this. Create a new php file with the following code and run it only once.

```php
<?php
if(isset($_GET['run'])) {
    die('password reset');
}

mysql_query("UPDATE `clients` SET `password`='".md5('test')."' WHERE `ID`=1");
header('Location: '.$_SERVER['PHP_SELF'].'?run');
?>
```

That will reset the password for the user ID 1. Try your login code again. If it works then it means either you used a different password when you added the first user or there is a problem with the code that adds the user to the clients table.

PGTibs (Author) Posted February 9, 2009

Tried that and boom bang bong, still don't work. This has to be the hardest php problem I've ever had?

PGTibs (Author) Posted February 9, 2009

When I run the last thing you mentioned, as far as I'm aware the password still changes, however the clients page still doesn't accept it?

wildteen88 Posted February 9, 2009

Login with the user ID of 1 using the password test and post the output of this script again.

What the script does here is reset the password for the user ID of 1 to the md5 hash of test which is 098f6bcd4621d373cade4e832627b4f6

Andy-H Posted February 9, 2009

> Okay try this. Create a new php file with the following code and run it only once.
>
> ```php
> <?php
> if(isset($_GET['run'])) {
>     die('password reset');
> }
>
> mysql_query("UPDATE `clients` SET `password`='".md5('test')."' WHERE `ID`=1");
> header('Location: '.$_SERVER['PHP_SELF'].'?run');
> ?>
> ```
>
> That will reset the password for the user ID 1. Try your login code again. If it works then it means either you used a different password when you added the first user or there is a problem with the code that adds the user to the clients table.

Doesn't md5() encrypt the apostrophes too? Try md5(test); ?

wildteen88 Posted February 9, 2009

No, md5 expects a string and all strings must be defined within quotes. Otherwise PHP will think you're using a constant.

md5('test') is the same as

```php
$pass = 'test';
md5($pass);
```