turkman Posted March 2, 2010 Share Posted March 2, 2010 Hey Guys ive wrote this logging in script but im not sure why it isnt logging in ive added echos too see what two strings the strcmp is comparing and the output is this Admin 05957a3ee71e1ea8a059460b60647b3e pass = 05957a3ee71e1ea8a059460b60647b3e Login Failed Click Here To Continue Now both those hashed passwords seem to match so why isnt it logging in? if(isset($_GET['d'])){ //try loging if(isset($_POST['uname']) AND isset($_POST['pass'])){ $u = protect($_POST['uname']); $p = md5($_POST['pass']); echo $u ." " . $p . " <br>"; //now to login $val = "SELECT * FROM pword WHERE uname = '$u'"; $res = mysql_query($val) or die (mysql_error()); $numrows = mysql_num_rows($res); If($numrows < 1) { $_SESSION['LOGINSTATUS'] = "INVALID"; echo "<a href = 'index.php'> Login Failed: Click Here To continue blah vlah</a>";} while($row = mysql_fetch_array($res , MYSQL_ASSOC)) { if(strcmp($row['pass'],$pass)==0){ echo "<pass = " . $row['pass']; $_SESSION['uname'] =$row['uname']; $_SESSION['ID']= $row['ID']; $_SESSION['LOGINSTATUS'] = "VALID"; echo "<a href = 'index.php'>Login Accepted Click Here To Continue</a>"; } else{ echo "pass = " . $row['pass'] ."<br>"; echo "<a href = 'index.php'>Login Failed Click Here To Continue</a>"; } } } //header("Location: index.php"); } Quote Link to comment Share on other sites More sharing options...
sangoku Posted March 2, 2010 Share Posted March 2, 2010 is it me or you did not open the connection? Quote Link to comment Share on other sites More sharing options...
turkman Posted March 2, 2010 Author Share Posted March 2, 2010 sorry i left out the session_start bit and the includes at the top. Any other ideas? Quote Link to comment Share on other sites More sharing options...
omniowner Posted March 2, 2010 Share Posted March 2, 2010 Hey Guys ive wrote this logging in script but im not sure why it isnt logging in ive added echos too see what two strings the strcmp is comparing and the output is this Admin 05957a3ee71e1ea8a059460b60647b3e pass = 05957a3ee71e1ea8a059460b60647b3e Login Failed Click Here To Continue Now both those hashed passwords seem to match so why isnt it logging in? if(isset($_GET['d'])){ //try loging if(isset($_POST['uname']) AND isset($_POST['pass'])){ $u = protect($_POST['uname']); $p = md5($_POST['pass']); echo $u ." " . $p . " <br>"; //now to login $val = "SELECT * FROM pword WHERE uname = '$u'"; $res = mysql_query($val) or die (mysql_error()); $numrows = mysql_num_rows($res); If($numrows < 1) { $_SESSION['LOGINSTATUS'] = "INVALID"; echo "<a href = 'index.php'> Login Failed: Click Here To continue blah vlah</a>";} while($row = mysql_fetch_array($res , MYSQL_ASSOC)) { if(strcmp($row['pass'],$pass)==0){ echo "<pass = " . $row['pass']; $_SESSION['uname'] =$row['uname']; $_SESSION['ID']= $row['ID']; $_SESSION['LOGINSTATUS'] = "VALID"; echo "<a href = 'index.php'>Login Accepted Click Here To Continue</a>"; } else{ echo "pass = " . $row['pass'] ."<br>"; echo "<a href = 'index.php'>Login Failed Click Here To Continue</a>"; } } } //header("Location: index.php"); } You have your strcmp backwards. if (strcmp($pw1, $pw2)) { // This returns false. // $pw1 and $pw2 are NOT the same. } else { // $pw1 and $pw2 are the same. } Try flipping it around and see what happens. Quote Link to comment Share on other sites More sharing options...
monk_sam Posted March 2, 2010 Share Posted March 2, 2010 Why don't you just var_dump $res or $numrows to see if you get 1. Quote Link to comment Share on other sites More sharing options...
turkman Posted March 2, 2010 Author Share Posted March 2, 2010 i did have numrows echod before and it equalld 1 Which is right ! That strcmp being backwards thing cant be right?? Quote Link to comment Share on other sites More sharing options...
omniowner Posted March 2, 2010 Share Posted March 2, 2010 i did have numrows echod before and it equalld 1 Which is right ! That strcmp being backwards thing cant be right?? I just noticed you had it == 0 . So disregard. Quote Link to comment Share on other sites More sharing options...
turkman Posted March 2, 2010 Author Share Posted March 2, 2010 i echo'd the strcmp result and its giving 32 as the result... The strings look identical!!! Quote Link to comment Share on other sites More sharing options...
omniowner Posted March 2, 2010 Share Posted March 2, 2010 i echo'd the strcmp result and its giving 32 as the result... The strings look identical!!! Why are you using strcmp? Pass the row value into a variable and compare the two? Quote Link to comment Share on other sites More sharing options...
omniowner Posted March 2, 2010 Share Posted March 2, 2010 Just an idea.. while($row = mysql_fetch_array($res , MYSQL_ASSOC)) $rowpass=$row['pass']; { //for debug echo "$rowpass"; echo "$pass"; if($rowpass == $pass) { Quote Link to comment Share on other sites More sharing options...
turkman Posted March 2, 2010 Author Share Posted March 2, 2010 got it working... sorry i made the variable $p which was a md5 hash of $_post['pass'] Then i compared $_POST['pass'] to row['pass'] rather than the $p My bad Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.