jamesxg1 Posted June 10, 2009 Share Posted June 10, 2009 <?php session_start(); include 'Functions.php'; include 'Database.php'; $username = Clean($_POST['username']); $password = Encrypt($_POST['password']); if (isset($username) && isset($password)) { $sql = "SELECT * FROM `users` WHERE username = '$username AND password = '$password'"; $results = mysql_query($sql) or die (mysql_error()); if (mysql_num_rows($results) > 0) { header('Location:hello.php'); } else { print "Please Enter All Field's"; } } else { print "Account Does Not Exist"; } ?> When i only fill one field and post it it show's the "Account Does Not Exist" error, it wont show any other error except the "Account Does Not Exist" one :S, anyone have any idea's ?, Many thanks, James. Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 Sorry refix. <?php session_start(); include 'Functions.php'; include 'Database.php'; $username = Clean($_POST['username']); $password = Encrypt($_POST['password']); if (isset($username) && isset($password)) { $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'"; $results = mysql_query($sql) or die (mysql_error()); if (mysql_num_rows($results) > 0) { header('Location:hello.php'); } else { print "Please Enter All Field's"; } } else { print "Account Does Not Exist"; } ?> Quote Link to comment Share on other sites More sharing options...
Maq Posted June 10, 2009 Share Posted June 10, 2009 Echo out '$_POST['username']' and '$_POST['password']' to make sure there are values being sent. If there are, see what exactly your 'Clean' and 'Encrypt' functions return. That's the only way your if wouldn't be true. Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 Echo out '$_POST['username']' and '$_POST['password']' to make sure there are values being sent. If there are, see what exactly your 'Clean' and 'Encrypt' functions return. That's the only way your if wouldn't be true. i used print_r() before the if statment and i got, Array ( [username] => test [password] => test [submit] => Submit ) Account Does Not Exist Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 <?php function Clean($input) { $clean = mysql_real_escape_string(stripslashes($input)); } function Encrypt($input) { $encrypt = sha1(md5($input)); } ?> They are the functions used in the script. Quote Link to comment Share on other sites More sharing options...
mattal999 Posted June 10, 2009 Share Posted June 10, 2009 Try echoing out the value of the Encrypted Password and check what it is in the DB. Nothing looks wrong with the code, so maybe you're checking the encrypted pass against the normal pass. Quote Link to comment Share on other sites More sharing options...
Maq Posted June 10, 2009 Share Posted June 10, 2009 You have to return the values from your functions: return mysql_real_escape_string(stripslashes($input)); and return sha1(md5($input)); Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 Change in functions. <?php function Clean($value) { if(is_array($value)) { if(get_magic_quotes_gpc()) { $value=array_map("stripslashes",$value); } if(!array_map("is_numeric",$value)) { $value=array_map("mysql_real_escape_string",$value); } } else { if(get_magic_quotes_gpc()) { $value=stripslashes($value); } if(!is_numeric($value)) { $value="'" . mysql_real_escape_string($value) . "'"; } } return $value; } function Encrypt($input) { $encrypt = sha1(md5($input)); } return $encrypt; ?> Quote Link to comment Share on other sites More sharing options...
Maq Posted June 10, 2009 Share Posted June 10, 2009 Which functions are you using? You listed 2 separate ones with the same name... Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 Which functions are you using? You listed 2 separate ones with the same name... Im using Encrypt() and Clean() . Quote Link to comment Share on other sites More sharing options...
Maq Posted June 10, 2009 Share Posted June 10, 2009 Which functions are you using? You listed 2 separate ones with the same name... Im using Encrypt() and Clean() . I know that. But you posted 2 separate functions with those names. The first set: function Clean($input) { $clean = mysql_real_escape_string(stripslashes($input)); } function Encrypt($input) { $encrypt = sha1(md5($input)); } ?> They are the functions used in the script. Problems: You don't return anything in either of these functions. And the second set: Change in functions. function Clean($value) { if(is_array($value)) { if(get_magic_quotes_gpc()) { $value=array_map("stripslashes",$value); } if(!array_map("is_numeric",$value)) { $value=array_map("mysql_real_escape_string",$value); } } else { if(get_magic_quotes_gpc()) { $value=stripslashes($value); } if(!is_numeric($value)) { $value="'" . mysql_real_escape_string($value) . "'"; } } return $value; } function Encrypt($input) { $encrypt = sha1(md5($input)); } return $encrypt; ?> Problems: You are missing a terminating '}' for your 'Encrypt()' function. Quote Link to comment Share on other sites More sharing options...
J.Daniels Posted June 10, 2009 Share Posted June 10, 2009 Also, you need to switch the two else statements. The first if checks if the username and password have been supplied. The second if checks if they match any record in the database <?php session_start(); include 'Functions.php'; include 'Database.php'; $username = Clean($_POST['username']); $password = Encrypt($_POST['password']); if (isset($username) && isset($password)) { $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'"; $results = mysql_query($sql) or die (mysql_error()); if (mysql_num_rows($results) > 0) { header('Location:hello.php'); } else { print "Account Does Not Exist"; } } else { print "Please Enter All Field's"; } ?> Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted June 10, 2009 Author Share Posted June 10, 2009 Ok, This is the script so far as im building it. <?php session_start(); include 'Functions.php'; include 'Database.php'; $username = Clean($_POST['username']); $password = Encrypt($_POST['password']); $sekret = Clean($_POST['sekret']); $POST = count($_POST); $GET = count($_GET); $length = strlen($_POST['username'] || $_POST['password']); if ($POST > 3 || $GET > 0) { if ($length > 32) { if ($_SESSION['token'] != $_POST['token']) { echo "Invalid submission."; exit(); } if (isset($username) && isset($password)) { $sql = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'"; $results = mysql_query($sql) or die (mysql_error()); if (mysql_num_rows($results) > 0) { header('Location:hello.php'); } else { print "Submission Error, Too Man Post Varibles."; } } else { print "Submission Error, Post Varibles Too Long"; } } else { print "Error, Account Does Not Exist"; } } else { print "Error, Please Enter All Field's"; } ?> It is still showing the one error for everything. Quote Link to comment Share on other sites More sharing options...
J.Daniels Posted June 10, 2009 Share Posted June 10, 2009 This is what I'm assuming you are trying to do with your code. <?php session_start(); include 'Functions.php'; include 'Database.php'; $username = Clean($_POST['username']); $password = Encrypt($_POST['password']); $sekret = Clean($_POST['sekret']); $POST = count($_POST); $GET = count($_GET); $length = strlen($_POST['username'] || $_POST['password']); if ($_SESSION['token'] != $_POST['token']) { echo "Invalid submission."; exit(); } if ($POST == 4 && $GET == 0) { if ($length > 32) { $sql = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'"; $results = mysql_query($sql) or die (mysql_error()); if (mysql_num_rows($results) > 0) { header('Location:hello.php'); } else { print "Error, Account Does Not Exist"; } } else { print "Submission Error, Post Varibles Too Long"; } } elseif ($POST < 4 && $GET == 0) { print "Error, Please Enter All Field's"; } else { print "Submission Error, Too Man Post Varibles."; } ?> I am just a little unclear on what you are trying to do with this part: $length = strlen($_POST['username'] || $_POST['password']); I think (I haven't tested this) this will always return a length of 1 as it is a conditional check. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.