jwhillster Posted May 29, 2010 Share Posted May 29, 2010 I have inhereted a little problem, and can't seem to find an easy answer anywhere. The registration page from the site in question employs MD5 on the password without a hitch, but the login page does not want to work? Neither the original password or the encrypted version will result in successful login (i tried the encrypted version to see if maybe encryption was not happening to the login password). Anyway, hopefully someone can see what the problem is, or I'm going to have to bite the bullet and recode it. Thanks in advance!!! <?php require_once('Connections/vprRegistration.php'); ?> <?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['txtUsername'])) { $loginUsername=$_POST['txtUsername']; $password=strip_tags(substr($_POST['txtPassword'],0,32)); $cleanpw = crypt(md5($pw)); $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "account_manage.php"; $MM_redirectLoginFailed = "login.php?failed=true"; $MM_redirecttoReferrer = false; mysql_select_db($database_vprRegistration, $vprRegistration); $LoginRS__query=sprintf("SELECT RegUsername, RegPassword FROM registration WHERE RegUsername=%s AND RegPassword='". mysql_real_escape_string($cleanpw)."'", GetSQLValueString($_POST['txtUsername'], "text"), GetSQLValueString($_POST['txtPassword'], "text")); $LoginRS = mysql_query($LoginRS__query, $vprRegistration) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> Quote Link to comment Share on other sites More sharing options...
jwhillster Posted May 29, 2010 Author Share Posted May 29, 2010 line 42 should be: $cleanpw = crypt(md5($password)); not: $cleanpw = crypt(md5($pw)); still not working though. Quote Link to comment Share on other sites More sharing options...
shino Posted May 29, 2010 Share Posted May 29, 2010 Have you tried md5 without the crypt? An easy way would be to pick a password say: test, do md5('test'); then compare that result with the one from your code in your login sequence and see if it's identical, that way you can spot your problem. Quote Link to comment Share on other sites More sharing options...
jwhillster Posted May 29, 2010 Author Share Posted May 29, 2010 Brilliant! Works fine with 'crypt' removed from both the registration page and this login page. Not 100% sure why right now, but I'm sure I'll figure it out. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.