bravo14 Posted February 12, 2009

Hi all,

I have a login form and script using md5 encryption. I know I have entered the correct password, but I get a message saying the password I have entered is incorrect. The code is below:

```php
<?php
session_start();
include_once('includes/connector.php'); //Just include the connector at the top
if($_POST['submit']) //Added quotes around submit and removed = 1
{
    foreach ($_POST as $key => $val)
    {
        $$key = mysql_real_escape_string($val); //This is a huge security hole, as it allows people to inject variables into your code
    } //This was one missing brace
    //is the email already registered?
    $user = mysql_query("SELECT username FROM `tbl_admin_users` WHERE username='$username'"); //Added single quotes around $email
    if(mysql_num_rows($user) > 0) //login name was found
    {
        //is the password correct
        $password = mysql_query("SELECT username FROM `tbl_admin_users` WHERE username='$username' and password=md5('$password')"); //Again added single quotes
        if(mysql_num_rows($password) > 0) //password is correct
        {
            $_SESSION['auth']="yes";
            $_SESSION['logname'] = $email; //Just use $email here
            header("Location: index.php");
            exit; //You should have an exit after a header('Location')
        }
        else //password is incorrect
        {
            $message="The email, '$email' exists, but you have not entered the correct password! Please try again.<br>";
        }
    }
    else // username not found
    {
        $message = "The Login Name you entered does not exist! Please try again.<br>";
    }
} //Another brace was missing here
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="../style/2008.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form name="login" method="post" action="login.php" onsubmit="return checkform()">
<table>
<?php
if (isset($message))
{
    echo "<tr><td style='color: red' colspan='2' align='center'>$message <br /></td></tr>";
}
?>
<tr><td>Username:</td><td><input name="username" type="text" size="30" /></td></tr>
<tr><td>Password:</td><td><input name="password" type="password" size="30" /></td></tr>
<tr><td><input type="hidden" name="submit" id="hiddenField" value="1"/></td>
<td><input name="login2" type="submit" value="Login" class="button" /></td>
</tr>
</table>
</form>
</body>
</html>
```

Any ideas where I have gone wrong?

Mark

9three Posted February 12, 2009

```php
$password = mysql_query("SELECT username FROM `tbl_admin_users` WHERE username='$username' and password=md5('$password')");
```

You are defining your variable password here as a mysql function. But then you are telling the mysql function to use the variable password as the user's input. Does that make sense? Because it shouldn't.

bravo14 (Author) Posted February 12, 2009

Many thanks for that, however I am still getting the same message.

```php
<?php
session_start();
include_once('includes/connector.php');
if($_POST['submit'])
{
    foreach ($_POST as $key => $val)
    {
        $$key = mysql_real_escape_string($val);
    }
    //is the email already registered?
    $user = mysql_query("SELECT username FROM `tbl_admin_users` WHERE username='$username'"); //Added single quotes around $email
    if(mysql_num_rows($user) > 0) //login name was found
    {
        //is the password correct
        $checkpassword = mysql_query("SELECT username FROM `tbl_admin_users` WHERE username='$username' and password=md5('$password')"); //Again added single quotes
        if(mysql_num_rows($checkpassword) > 0) //password is correct
        {
            $_SESSION['auth']="yes";
            $_SESSION['logname'] = $username; //Just use $email here
            header("Location: index.php");
            exit; //You should have an exit after a header('Location')
        }
        else //password is incorrect
        {
            $message="The email, '$email' exists, but you have not entered the correct password! Please try again.<br>";
        }
    }
    else // username not found
    {
        $message = "The Login Name you entered does not exist! Please try again.<br>";
    }
} //Another brace was missing here
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="../style/2008.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form name="login" method="post" action="login.php" onsubmit="return checkform()">
<table>
<?php
if (isset($message))
{
    echo "<tr><td style='color: red' colspan='2' align='center'>$message <br /></td></tr>";
}
?>
<tr><td>Username:</td><td><input name="username" type="text" size="30" /></td></tr>
<tr><td>Password:</td><td><input name="password" type="password" size="30" /></td></tr>
<tr><td><input type="hidden" name="submit" id="hiddenField" value="1"/></td>
<td><input name="login2" type="submit" value="Login" class="button" /></td>
</tr>
</table>
</form>
</body>
</html>
```

PFMaBiSmAd Posted February 13, 2009

Your query is syntactically correct (tested) and is probably being executed. That means that the md5() of your password does not match what is in your table. Echo the md5() of the password you are entering and then check directly in your database that the md5 value stored there is exactly the same.

bravo14 (Author) Posted February 13, 2009

Cracked it, I hadn't made the field long enough. Thanks again for your help.
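
An added example, not part of the original thread: the same login check with the two problems the thread touches on addressed, reading only named POST fields instead of `$$key`, and storing the hash in a column wide enough to hold it. It swaps `md5()` for `password_hash()`/`password_verify()` and `mysql_*` for PDO prepared statements. `authenticate()` is a hypothetical helper, and the in-memory SQLite database and sample accounts are constructed stand-ins for the thread's MySQL table.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. authenticate() is a hypothetical
// helper; the in-memory SQLite database and both accounts are constructed.

function authenticate(PDO $db, array $post): bool
{
    // Read only the two expected fields; other POST keys never become variables.
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';

    // Placeholder binding keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM tbl_admin_users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();

    // Compare in PHP against a salted hash. An unknown user and a wrong
    // password both return false.
    return is_string($stored) && password_verify($password, $stored);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(255) leaves room for the whole hash string.
$db->exec('CREATE TABLE tbl_admin_users (username VARCHAR(64) PRIMARY KEY, password VARCHAR(255))');

$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$insert = $db->prepare('INSERT INTO tbl_admin_users (username, password) VALUES (?, ?)');
$insert->execute(['mark', $hash]);
// Simulates a column that is too short: only the first 20 characters are kept.
$insert->execute(['short_column', substr($hash, 0, 20)]);

$cases = [
    'valid login'              => ['username' => 'mark', 'password' => 'correct horse'],
    'wrong password'           => ['username' => 'mark', 'password' => 'guess'],
    'hash truncated in column' => ['username' => 'short_column', 'password' => 'correct horse'],
    'extra POST key ignored'   => ['username' => 'mark', 'password' => 'guess', 'stored' => $hash],
];
foreach ($cases as $label => $post) {
    printf("%-26s %s\n", $label, authenticate($db, $post) ? 'accepted' : 'rejected');
}
```

In a real login handler, call `session_regenerate_id(true)` after a successful check and before setting `$_SESSION['auth']`.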
This topic is now archived and is closed to further replies.