Why can't I log in?

[budder]

If you were php4 why wouldn't you log me in with this script? Php5 have no problemo :b

<?PHP 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 

if(!isset($_POST['username']) || !isset($_POST['password']) OR !isset($_POST['login'])) {
header("location: login.html");
}
else {

$dbHost		=	"xx";
$dbUser		=	"xx";
$dbPass		=	"xx";
$dbDatabase	=	"x";



$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from users where username='" . $user . "' AND password='" . $pass . "'", $db); 



$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 


  session_start(); 
  $_SESSION['username'] = $user;


  echo 'Success!'; 


  header( "Location: inde_x.php" ); 

  } 

  } 
  else { 



  echo 'Forkert brugernavn eller kodeord.'; 

  
  } }
  ?> 

 

[trq]

There is nothing php4 or 5 specific with the script. You might need to start debugging it and post us some more useful information.

[budder]

When I remove the addslashes(); and md5(); it will login but with a headers already sent error.

I got one user in my database that haven't been md5(); with the password and ony that user will log in (with error) when I remove the addslashes and md5();

[Deoctor]

while registering are u using the md5 and storing the values in sql databse

[budder]

Yeah, i'm using the following line:

INSERT INTO users (username,password) VALUES('admin',md5('pass123'));

 

Do mysql got any problems with addslashes(); when it's locating the username in the table?

[Deoctor]

in ur select query i dont think u are using the md5

 

$result=mysql_query("select * from users where username='" . $user . "' AND password='" . $pass . "'", $db); 

[budder]

But i got this at the top of my script:

$user = addslashes($_POST['username']);

$pass = md5($_POST['password']);

 

Should md5(); be in the $result ?

 

Im going to try it out (:

 

Hmm, still getting wrong pass og username.

 

Maybe I should make af if statement:

 

if username wrong {

username wrong

elseif password wrong {

password wrong

else {

Both wrong

[trq]

Do mysql got any problems with addslashes(); when it's locating the username in the table?

 

Depends, you may have magic quotes enabled (you can check this using get_magic_quotes_gpc) making your data get escaped twice (and therefore adding extra slashes to it).

 

Either way, you should be using mysql_real_escape_string if its available to you.

 

 

[budder]

It returns 1 when testing magic_quotes

 

So it should be:

$user = mysql_real_escape_string($_POST['username']);

$pass = mysql_real_escape_string($_POST['password']);

 

??

[Deoctor]

try it for username only.

do one more thing check whether u are getting the post values correctly

 

$result=mysql_query("select * from users where username='" . $user . "' AND password='" . $pass . "'", $db); 

 

remove the mysql_query and do some thing like this

 

 

$result=("select * from users where username='" . $user . "' AND password='" . $pass . "'", $db); 
echo $result;

 

now run the same query in ur mysql and see what results u are getting..

[budder]

With og without the mysql_real_escape_string there is no slashes. Only getting at error when trying to display the output from the mysql_query

 

$data = "select*from users where username='" . $user . "' AND password='" . $pass . "'";

 

echo $data;

 

Getting the syntax error, unexpected T_VARIABLE

when adding that line.

[oni-kun]

There seems to be nothing wrong with that line. The line before those are most likely the problem, in being a missing semicolon ( ; )

[budder]

Alright this is kind a wired but here we go:

<?PHP 
$user = mysql_real_escape_string($_POST['username']); 
$pass = ($_POST['password']);  

if(!isset($_POST['username']) || !isset($_POST['password']) OR !isset($_POST['login'])) {
header("location: login.html");
}
else {

$dbHost		=	"x";
$dbUser		=	"x";
$dbPass		=	"x";
$dbDatabase	=	"x";



$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from users where username='" . $user . "' AND password='" . md5($pass) . "'", $db);


$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 


  session_start(); 
  $_SESSION['username'] = $user;


  echo 'Success!'; 


  header( "Location: inde_x.php" ); 

  } 

  } 
  else { 



  echo 'Forkert brugernavn eller kodeord.'; 

  
  } }
  ?> 

 

Now it's working with the line but still got my problem. But added this line:

$data = "select*from users where username='" . $user . "' AND password='" . $pass . "'";

 

echo $data;

 

And got this:

username='test25' AND password='137dcec44002170db2d2dcd9c70dbebf'

 

And checks if the md5(pass) are the same as in the DB:

17 test25 137dcec44002170db2d2

 

Hmm what the?

I have just added this user with following mysql line:

INSER INTO users (username,password) VALUES(

'test25',md5('magnus'));

 

Why don't they match?

 

Could it be that the row isn't long enough? 

 

[oni-kun]

17  test25  137dcec44002170db2d2

 

137dcec44002170db2d2dcd9c70dbebf is magnus, Do you see how it is truncating the hash sum?

[budder]

Yeah I do, but is it because my password row in my table 'users' is to short to fit the hash of md5(magnus)?

[trq]

Yeah I do, but is it because my password row in my table 'users' is to short to fit the hash of md5(magnus)?

 

It would seem so. md5 hashes are 32 chars long, make sure your field is.

[budder]

I GOT IT ! I'm the one to blame

Only 20 char in password so got i up to 50 and now the only error I get is the header error but no problemo (:

 

Thanks guys