gamerzfuse (posted April 28, 2009):

I'm sure this is a simple fix, but I've been staring at this code for too long (still an amateur here):

```php
<?php // signup.php

include("common.php");
include("db.php");

if (!isset($_POST['submitok'])):
    // Display the user signup form
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title> New User Registration </title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>

<h3>New User Registration Form</h3>
<p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
   indicates a required field</p>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0" cellpadding="0" cellspacing="5">
  <tr>
    <td align="right">
      <p>User ID</p>
    </td>
    <td>
      <input name="newid" type="text" maxlength="50" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right">
      <p>Password</p>
    </td>
    <td>
      <input name="newpass" type="password" maxlength="50" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right">
      <p>Full Name</p>
    </td>
    <td>
      <input name="newname" type="text" maxlength="100" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right">
      <p>E-Mail Address</p>
    </td>
    <td>
      <input name="newemail" type="text" maxlength="100" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right" colspan="2">
      <hr noshade="noshade" />
      <input type="reset" value="Reset Form" />
      <input type="submit" name="submitok" value=" OK " />
    </td>
  </tr>
</table>
</form>

</body>
</html>
<?php
else:
    // Process signup submission
    dbConnect('craighoo_sessions');

    if ($_POST['newid']=='' or $_POST['newname']==''
      or $_POST['newemail']=='') {
        error('One or more required fields were left blank.\\n'.
              'Please fill them in and try again.');
    }

    // Check for existing user with the new id
    $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
    $result = mysql_query($sql);
    if (!$result) {
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.');
    }
    if (mysql_result($result,0,0)>0) {
        error('A user already exists with your chosen userid.\\n'.
              'Please try another.');
    }

    $sql = "INSERT INTO user SET
              userid = '$_POST[newid]',
              password = PASSWORD('$newpass'),
              fullname = '$_POST[newname]',
              email = '$_POST[newemail]',
              notes = '$_POST[newnotes]'";
    if (!mysql_query($sql))
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.\\n' . mysql_error());

    // Email the new password to the person.
    $message = "G'Day!

Your personal account for the Project Web Site
has been created! To log in, proceed to the
following address:

    http://www.example.com/

Your personal login ID and password are as
follows:

    userid: $_POST[newid]
    password: $newpass

You aren't stuck with this password! Your can
change it at any time after you have logged in.

If you have any problems, feel free to contact me at
<you@example.com>.

-Your Name
 Your Site Webmaster
";

    mail($_POST['newemail'],"Your Password for the Project Website",
         $message, "From:Your Name <you@example.com>");
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title> Registration Complete </title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<p><strong>User registration successful!</strong></p>
<p>Your userid and password have been emailed to
   <strong><?=$_POST['newemail']?></strong>, the email address
   you just provided in your registration form. To log in,
   click <a href="index.php">here</a> to return to the login
   page, and enter your new personal userid and password.</p>
</body>
</html>
<?php
endif;
?>
```

Issue #1: The password is not storing in the database. I can enter a password and username, no errors are shown, but the email has no password shown and when I log in the password does not work, but..

Issue #2: I can log in to the account with JUST the username and no password.

If you need any other files, please let me know.

Demo: http://www.craighooghiem.com/testing/signup.php AND http://www.craighooghiem.com/testing/protectedpage.php

ignace (posted April 28, 2009):

You never declared $newpass. You use it for the first time in your insert query; $newpass doesn't exist prior to that event, thus evaluating to null or an empty string.

gamerzfuse (posted April 28, 2009):

Beginner's question then, because I'm missing something... Where are the others defined? Or how can I define this one? Once I figure that out, I'll know it for life.. I just don't know it off the top of my head.

revraz (posted April 28, 2009):

You need to do something like this:

```php
$newpass = $_POST['newpass'];

$sql = "INSERT INTO user SET
          userid = '$_POST[newid]',
          password = PASSWORD('$newpass'),
          fullname = '$_POST[newname]',
          email = '$_POST[newemail]',
          notes = '$_POST[newnotes]'";
```

But you should sanitize all your POST variables.

gamerzfuse (posted April 28, 2009):

Alright, so the first issue is resolved as the password is now stored in the database using the PASSWORD PHP function. Unfortunately, none of the accounts work with the username/password. Here's the latest signup.php code if anyone can help:

```php
<?php // signup.php

include("common.php");
include("db.php");

if (!isset($_POST['submitok'])):
    // Display the user signup form
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title> New User Registration </title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>

<h3>New User Registration Form</h3>
<p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
   indicates a required field</p>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0" cellpadding="0" cellspacing="5">
  <tr>
    <td align="right">
      <p>User ID</p>
    </td>
    <td>
      <input name="newid" type="text" maxlength="50" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right">
      <p>Password</p>
    </td>
    <td>
      <input name="newpass" type="password" maxlength="50" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right">
      <p>Full Name</p>
    </td>
    <td>
      <input name="newname" type="text" maxlength="100" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right">
      <p>E-Mail Address</p>
    </td>
    <td>
      <input name="newemail" type="text" maxlength="100" size="25" />
      <font color="orangered" size="+1"><tt><b>*</b></tt></font>
    </td>
  </tr>
  <tr>
    <td align="right" colspan="2">
      <hr noshade="noshade" />
      <input type="reset" value="Reset Form" />
      <input type="submit" name="submitok" value=" OK " />
    </td>
  </tr>
</table>
</form>

</body>
</html>
<?php
else:
    // Process signup submission
    dbConnect('craighoo_sessions');

    if ($_POST['newid']=='' or $_POST['newpass']==''
      or $_POST['newname']=='' or $_POST['newemail']=='') {
        error('One or more required fields were left blank.\\n'.
              'Please fill them in and try again.');
    }

    // Check for existing user with the new id
    $sql = "SELECT COUNT(*) FROM user WHERE userid = '$_POST[newid]'";
    $result = mysql_query($sql);
    if (!$result) {
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.');
    }
    if (mysql_result($result,0,0)>0) {
        error('A user already exists with your chosen userid.\\n'.
              'Please try another.');
    }

    $newpass = $_POST['newpass'];

    $sql = "INSERT INTO user SET
              userid = '$_POST[newid]',
              password = PASSWORD('$_POST[newpass]'),
              fullname = '$_POST[newname]',
              email = '$_POST[newemail]',
              notes = '$_POST[newnotes]'";
    if (!mysql_query($sql))
        error('A database error occurred in processing your '.
              'submission.\\nIf this error persists, please '.
              'contact you@example.com.\\n' . mysql_error());

    // Email the new password to the person.
    $message = "G'Day!

Your personal account for the Project Web Site
has been created! To log in, proceed to the
following address:

    http://www.example.com/

Your personal login ID and password are as
follows:

    userid: $_POST[newid]
    password: $newpass

You aren't stuck with this password! Your can
change it at any time after you have logged in.

If you have any problems, feel free to contact me at
<you@example.com>.

-Your Name
 Your Site Webmaster
";

    mail($_POST['newemail'],"Your Password for the Project Website",
         $message, "From:Your Name <you@example.com>");
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title> Registration Complete </title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<p><strong>User registration successful!</strong></p>
<p>Your userid and password have been emailed to
   <strong><?=$_POST['newemail']?></strong>, the email address
   you just provided in your registration form. To log in,
   click <a href="index.php">here</a> to return to the login
   page, and enter your new personal userid and password.</p>
</body>
</html>
<?php
endif;
?>
```

Thanks!

revraz (posted April 28, 2009):

PASSWORD is not a PHP function, it's a MySQL hash. You should consider changing to SHA1 or MD5 actually.

> Alright, so the first issue is resolved as the password is now stored in the database using the PASSWORD PHP function.

gamerzfuse (posted April 28, 2009):

> PASSWORD is not a PHP function, it's a MySQL hash. You should consider changing to SHA1 or MD5 actually.
>
> > Alright, so the first issue is resolved as the password is now stored in the database using the PASSWORD PHP function.

Ok.. can I just change the term PASSWORD to MD5 then? I'll do this, but this won't actually change the situation will it? (testing now)

I changed the PASSWORD to MD5 and also changed this bit from my accesscontrol.php file:

```php
$sql = "SELECT * FROM user WHERE userid = '$uid' AND password = MD5('$pwd')";
```

Still not working. Still Access Denied. I removed the encoding completely and it sends it to MySQL exactly as typed and this works fine. Must be in the encoding/decoding somewhere.

ignace (posted April 29, 2009):

That is because you need to change the password in the users table first, so when they sign up their password is stored using md5 instead of password, and when you check if the user exists you perform the same algorithm. Btw, you could have kept using password.

Insert the user into the database:

```sql
INSERT INTO users SET username = '$username', password = PASSWORD('$password')
```

Then to check if the user exists:

```sql
SELECT * FROM users WHERE username = '$username' AND password = PASSWORD('$password')
```
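
An added example, not code from any poster in this thread: the signup and login paths applying one hashing scheme on both sides, as the last reply describes, with bound parameters in place of interpolated $_POST values. It swaps PHP's password_hash()/password_verify() in for the MySQL PASSWORD() and MD5() calls discussed above. The in-memory SQLite database, the signup()/login() function names and the sample values are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// poster's MySQL database (assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(255) leaves room for the full password_hash() output.
$db->exec('CREATE TABLE user (userid VARCHAR(50) PRIMARY KEY,
    password VARCHAR(255) NOT NULL, fullname VARCHAR(100), email VARCHAR(100))');

// signup() and login() are hypothetical names, not functions from the thread.
function signup(PDO $db, array $post): bool
{
    // Every required field, the password included, must be a non-empty string.
    foreach (['newid', 'newpass', 'newname', 'newemail'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return false;
        }
    }
    // Hash in PHP, so the plaintext password never becomes part of the SQL text.
    $hash = password_hash($post['newpass'], PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO user (userid, password, fullname, email) VALUES (?, ?, ?, ?)');
    try {
        return $stmt->execute([$post['newid'], $hash, $post['newname'], $post['newemail']]);
    } catch (PDOException $e) {
        return false; // e.g. the userid is already taken (primary key)
    }
}

function login(PDO $db, string $uid, string $pwd): bool
{
    // password_hash() salts every hash, so it cannot be recomputed in a WHERE
    // clause: fetch the stored hash by userid, then verify it in PHP.
    $stmt = $db->prepare('SELECT password FROM user WHERE userid = ?');
    $stmt->execute([$uid]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pwd, $hash);
}

// Constructed sample input; the apostrophes need no escaping with bound parameters.
$post = ['newid' => "o'brien", 'newpass' => 'correct horse',
         'newname' => "Pat O'Brien", 'newemail' => 'pat@example.com'];
var_dump(signup($db, $post));                      // complete form
var_dump(signup($db, ['newpass' => ''] + $post));  // blank password field
var_dump(login($db, "o'brien", 'correct horse'));  // matching password
var_dump(login($db, "o'brien", ''));               // username with no password
var_dump(login($db, 'nobody', 'correct horse'));   // unknown userid
```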