Jump to content

Help: login/password check script

cinos11

By cinos11
in PHP Coding Help

 Share

Recommended Posts

cinos11 Newbie

cinos11

Posted
Posted

After writing:

function loginadminUser($user2,$pass2){
$errorText = '';
$validadminUser = false;

// Check user existance	
require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php');
$conn = mysql_connect($host,$user,$pass) or die(mysql_error());
$db = mysql_select_db($database, $conn) or die("Invalid Database Settings");
$db;
if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'"))){

// User exists, check password
	$newpass = md5($pass2);
	//I need to get the pass to verify within this statement properly
	if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_user WHERE user_pass ='".$newpass."'"))){
$validadminUser = true;
	$_SESSION['userName'] = $user2;
}	
}
    if ($validUser != true) $errorText = "Invalid username or password!";

    if ($validadminUser == true) $_SESSION['validadminUser'] = true;
    if ($validadminUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validadminUser'] = false;

return $errorText;	
}

 

I can get the username verified but

I can't get the password to be verified.

The password in the database is also in md5.

So it would need to become in md5 encryption then checked within the database's password.

 

Any way to fix this?

Link to comment
https://forums.phpfreaks.com/topic/204663-help-loginpassword-check-script/
Share on other sites
cinos11 Newbie

cinos11

Posted
  • Author
Posted

Where's $pass2 being set?

 

Within this login script:

<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/login/common.php');

$error = '0';

if (isset($_POST['submitBtn'])){
// Get user input
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
        
// Try to login the user
$error = loginadminUser($username,$password);
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" href=<?php $_SERVER['DOCUMENT_ROOT'];?>/img/favicon.ico" type=image/x-icon" />
   <title>Admin Login</title>
   <link href="<?php $_SERVER['DOCUMENT_ROOT']?>/inc/style/login/style.css" rel="stylesheet" type="text/css" />
</head>
<body background="<?php $_SERVER['DOCUMENT_ROOT']?>/img/content_bg.png">
<br /><br /><br /><br /><br />
    <div id="main">
<?php if ($error != '') {?>
      <div class="caption">Admin Login</div>
      <div id="icon3"> </div>
      <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
        <table width="100%">
          <tr><td>Admin Username:</td><td> <input class="text" name="username" type="text"  /></td></tr>
          <tr><td>Admin Password:</td><td> <input class="text" name="password" type="password" /></td></tr>
          <tr><td colspan="2" align="center"><input class="text" type="submit" name="submitBtn" value="Login" /></td></tr>
        </table>  
      </form>
      
       <a href="/?p=login">Regular User Login</a> or <a href="/">Go Back to Homepage</a>
      
<?php 
}   
    if (isset($_POST['submitBtn'])){

?>
      <div class="caption">Login result:</div>
      <div id="icon2"> </div>
      <div id="result">
        <table width="100%"><tr><td><br/>
<?php
if ($error == '') {
	echo '<meta http-equiv="refresh" content="0;URL=/">';
	echo "Welcome $username! <br/>You are logged in!<br/><br/>";
	echo '<a href="/">If you are not redirected click here!</a>';
}
else echo $error;

?>
	<br/><br/><br/></td></tr></table>
</div>
<?php            
    }
?>
<div id="source"><?php $_SERVER['DOCUMENT_ROOT']?></div>
    </div>
</body> 

cinos11 Newbie

cinos11

Posted
  • Author
Posted

You need to check that your password in the db is exactly the same as the one being entered in the form.  Do this by simply echo'ing out the hashed version of the password to the screen, and seeing if it matches the value in the db.

Yes the password that was turned into md5 on the form matches that of the database

cinos11 Newbie

cinos11

Posted
  • Author
Posted

Edit: Wait

Nope changing

if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'"))){

to

if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'")) > 0){

 

did not make a difference.

cinos11 Newbie

cinos11

Posted
  • Author
Posted

Your code is quite confusing in that it's all over the place.

 

I noticed your username is stored in a different table than the password?  Why is that?

 

Nope the username is stored in the same table.

If you read my code wrong, possibly i wrote on accident to check 2 different tables?

Maby you know what i did wrong then?

mrMarcus Member

mrMarcus

Posted
Posted

I definitely read your code right.

 

Your first query you are checking the `cinos11_login_admin` table.  The second query you are checking the `cinos11_login_user` table.  I cannot tell you which one to use, but I'm pretty sure one of them is wrong.

cinos11 Newbie

cinos11

Posted
  • Author
Posted

I definitely read your code right.

 

Your first query you are checking the `cinos11_login_admin` table.  The second query you are checking the `cinos11_login_user` table.  I cannot tell you which one to use, but I'm pretty sure one of them is wrong.

 

Okay i changed it both to cinos11_login_admin.

But i still cant get it to login.

cinos11 Newbie

cinos11

Posted
  • Author
Posted

Is there anyone who can still help???

Here's what i got so far:

 

function loginadminUser($user2,$pass2){
$errorText = '';
$validadminUser = false;

// Check user existance	
require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php');
$conn = mysql_connect($host,$user,$pass) or die(mysql_error());
$db = mysql_select_db($database, $conn) or die("Invalid Database Settings");
$db;
if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'"))){

// User exists, check password
	$newpass = md5($pass2);
	//I need to get the pass to verify within this statement properly - this where i left off
	if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_pass ='".$newpass."'"))){
$validadminUser = true;
	$_SESSION['userName'] = $user2;
}	
}
    if ($validUser != true) $errorText = "Invalid username or password!";

    if ($validadminUser == true) $_SESSION['validadminUser'] = true;
    if ($validadminUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validadminUser'] = false;

return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass;	
}

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted
Is there anyone who can still help???

 

It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table?

 

Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row.

cinos11 Newbie

cinos11

Posted
  • Author
Posted

Is there anyone who can still help???

 

It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table?

 

Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row.

 

I've checked every value of the newpass and its the same as the database.

Also i tried changing the code a little to make sure its checking the exact row.

But i still cant get it to work. (Also i only currently have one user under the table)

function loginadminUser($user2,$pass2){
$errorText = '';
$validadminUser = false;

// Check user existance	
require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php');
$conn = mysql_connect($host,$user,$pass) or die(mysql_error());
$db = mysql_select_db($database, $conn) or die("Invalid Database Settings");
$db;
$newpass = md5($pass2);
if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."'   "))){
	$validadminUser = true;
	$_SESSION['userName'] = $user2;	
}
else { $ohshit = 'oh shit no login'; }
    if ($validUser != true) {$errorText = "Invalid username or password!";}

    if ($validadminUser == true) {$_SESSION['validadminUser'] = true;}
    if ($validadminUser == true) {$_SESSION['validUser'] = true;}
    else $_SESSION['validadminUser'] = false;

return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit;	
}

 

So any fixes? Even the picture i posted a few posts back shows the database table

cinos11 Newbie

cinos11

Posted
  • Author
Posted

Is there anyone who can still help???

 

It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table?

 

Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row.

 

Well how about i put in everything i want to do:

 

So first off i wanted to change the original coding of this file so it went from file to mysql instead:

function loginadminUser($user,$pass){
$errorText = '';
$validadminUser = false;

// Check user existance	
$pfile = fopen($_SERVER['DOCUMENT_ROOT']."/login/REMOVED.txt","r");
    rewind($pfile);

    while (!feof($pfile)) {
        $line = fgets($pfile);
        $tmp = explode(':', $line);
        if ($tmp[0] == $user) {
            // User exists, check password
            if (trim($tmp[1]) == trim(md5($pass))){
            	$validadminUser= true;
            	$_SESSION['userName'] = $user;
            }
            break;
        }
    }
    fclose($pfile);

    if ($validadminUser != true) $errorText = "Invalid username or password!";
    
    if ($validadminUser == true) $_SESSION['validadminUser'] = true;
if ($validadminUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validadminUser'] = false;

return $errorText;	
}

 

I ended up making the first table of cinos11_login_admin

with the things inside as

user_id user_name user_login user_pass user_email user_lastlogin user_registered

 

I then wrote up this script by looking off the old one to be as close as possible to do what it did, but make it work off mysql instead:

 

function loginadminUser($user2,$pass2){
$errorText = '';
$validadminUser = false;

// Check user existance	
require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php');
$conn = mysql_connect($host,$user,$pass) or die(mysql_error());
$db = mysql_select_db($database, $conn) or die("Invalid Database Settings");
$db;
$newpass = md5($pass2);
if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."'   "))){
	$validadminUser = true;
	$_SESSION['userName'] = $user2;	
}
else { $ohshit = 'oh shit no login'; }
    if ($validUser != true) {$errorText = "Invalid username or password!";}

    if ($validadminUser == true) {$_SESSION['validadminUser'] = true;}
    if ($validadminUser == true) {$_SESSION['validUser'] = true;}
    else $_SESSION['validadminUser'] = false;

return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit;	
}

 

I then now have no way of getting it to login as it used to.

cinos11 Newbie

cinos11

Posted
  • Author
Posted

Is there anyone who can still help???

 

It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table?

 

Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row.

 

Well how about i put in everything i want to do:

 

So first off i wanted to change the original coding of this file so it went from file to mysql instead:

function loginadminUser($user,$pass){
$errorText = '';
$validadminUser = false;

// Check user existance	
$pfile = fopen($_SERVER['DOCUMENT_ROOT']."/login/REMOVED.txt","r");
    rewind($pfile);

    while (!feof($pfile)) {
        $line = fgets($pfile);
        $tmp = explode(':', $line);
        if ($tmp[0] == $user) {
            // User exists, check password
            if (trim($tmp[1]) == trim(md5($pass))){
            	$validadminUser= true;
            	$_SESSION['userName'] = $user;
            }
            break;
        }
    }
    fclose($pfile);

    if ($validadminUser != true) $errorText = "Invalid username or password!";
    
    if ($validadminUser == true) $_SESSION['validadminUser'] = true;
if ($validadminUser == true) $_SESSION['validUser'] = true;
    else $_SESSION['validadminUser'] = false;

return $errorText;	
}

 

I ended up making the first table of cinos11_login_admin

with the things inside as

user_id user_name user_login user_pass user_email user_lastlogin user_registered

 

I then wrote up this script by looking off the old one to be as close as possible to do what it did, but make it work off mysql instead:

 

function loginadminUser($user2,$pass2){
$errorText = '';
$validadminUser = false;

// Check user existance	
require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php');
$conn = mysql_connect($host,$user,$pass) or die(mysql_error());
$db = mysql_select_db($database, $conn) or die("Invalid Database Settings");
$db;
$newpass = md5($pass2);
if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."'   "))){
	$validadminUser = true;
	$_SESSION['userName'] = $user2;	
}
else { $ohshit = 'oh shit no login'; }
    if ($validUser != true) {$errorText = "Invalid username or password!";}

    if ($validadminUser == true) {$_SESSION['validadminUser'] = true;}
    if ($validadminUser == true) {$_SESSION['validUser'] = true;}
    else $_SESSION['validadminUser'] = false;

return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit;	
}

 

I then now have no way of getting it to login as it used to.

ignace Advanced Member

ignace

Posted
Posted 

function loginadminUser($user2,$pass2){
$errorText = '';
$validadminUser = false;

// Check user existance	
require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php');
$conn = mysql_connect($host,$user,$pass) or die(mysql_error());
$db = mysql_select_db($database, $conn) or die("Invalid Database Settings");
$db;
$newpass = md5($pass2);
if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."'   "))){
	$validadminUser = true;
	$_SESSION['userName'] = $user2;	
}
else { $ohshit = 'oh shit no login'; }
    if ($validUser != true) {$errorText = "Invalid username or password!";}

    if ($validadminUser == true) {$_SESSION['validadminUser'] = true;}
    if ($validadminUser == true) {$_SESSION['validUser'] = true;}
    else $_SESSION['validadminUser'] = false;

return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit;	
}

 

Seriously, this is a MESS. You can't be blamed for not being able to solve this problem, but using a tab-key or keeping your code clean isn't really that hard.

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

cinos11, you are the only person here who has access to your database, so you are the only person here who can troubleshoot what your code is doing and why the query does not match the values in your table.

 

In my last post, I specifically asked if you had checked if the password values matched. You failed to answer that question and just posted more/different code. If you are not going to actually look at the data values to find out why your query is not matching anything, you can change your code all you want and it will never work.

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Further to the above, since you have not provided any information about how you got the usernames/passwords into your database (i.e. you are the only person here who knows how you got to this point), I'm going to guess that you imported the values from your .txt file and the new-line characters that are on the end of each md5 password value in the .txt file (your previous working code was trim()'ing them) are now stored in the user_pass field in your table and your query won't ever match them because they should have been stripped off when the data was placed into the table.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.