cinos11 Posted June 13, 2010 Share Posted June 13, 2010 After writing: function loginadminUser($user2,$pass2){ $errorText = ''; $validadminUser = false; // Check user existance require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php'); $conn = mysql_connect($host,$user,$pass) or die(mysql_error()); $db = mysql_select_db($database, $conn) or die("Invalid Database Settings"); $db; if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'"))){ // User exists, check password $newpass = md5($pass2); //I need to get the pass to verify within this statement properly if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_user WHERE user_pass ='".$newpass."'"))){ $validadminUser = true; $_SESSION['userName'] = $user2; } } if ($validUser != true) $errorText = "Invalid username or password!"; if ($validadminUser == true) $_SESSION['validadminUser'] = true; if ($validadminUser == true) $_SESSION['validUser'] = true; else $_SESSION['validadminUser'] = false; return $errorText; } I can get the username verified but I can't get the password to be verified. The password in the database is also in md5. So it would need to become in md5 encryption then checked within the database's password. Any way to fix this? Quote Link to comment Share on other sites More sharing options...
-Karl- Posted June 13, 2010 Share Posted June 13, 2010 Where's $pass2 being set? Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Where's $pass2 being set? Within this login script: <?php require_once($_SERVER['DOCUMENT_ROOT'].'/login/common.php'); $error = '0'; if (isset($_POST['submitBtn'])){ // Get user input $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; // Try to login the user $error = loginadminUser($username,$password); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href=<?php $_SERVER['DOCUMENT_ROOT'];?>/img/favicon.ico" type=image/x-icon" /> <title>Admin Login</title> <link href="<?php $_SERVER['DOCUMENT_ROOT']?>/inc/style/login/style.css" rel="stylesheet" type="text/css" /> </head> <body background="<?php $_SERVER['DOCUMENT_ROOT']?>/img/content_bg.png"> <br /><br /><br /><br /><br /> <div id="main"> <?php if ($error != '') {?> <div class="caption">Admin Login</div> <div id="icon3"> </div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform"> <table width="100%"> <tr><td>Admin Username:</td><td> <input class="text" name="username" type="text" /></td></tr> <tr><td>Admin Password:</td><td> <input class="text" name="password" type="password" /></td></tr> <tr><td colspan="2" align="center"><input class="text" type="submit" name="submitBtn" value="Login" /></td></tr> </table> </form> <a href="/?p=login">Regular User Login</a> or <a href="/">Go Back to Homepage</a> <?php } if (isset($_POST['submitBtn'])){ ?> <div class="caption">Login result:</div> <div id="icon2"> </div> <div id="result"> <table width="100%"><tr><td><br/> <?php if ($error == '') { echo '<meta http-equiv="refresh" content="0;URL=/">'; echo "Welcome $username! <br/>You are logged in!<br/><br/>"; echo '<a href="/">If you are not redirected click here!</a>'; } else echo $error; ?> <br/><br/><br/></td></tr></table> </div> <?php } ?> <div id="source"><?php $_SERVER['DOCUMENT_ROOT']?></div> </div> </body> Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted June 13, 2010 Share Posted June 13, 2010 You need to check that your password in the db is exactly the same as the one being entered in the form. Do this by simply echo'ing out the hashed version of the password to the screen, and seeing if it matches the value in the db. Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 You need to check that your password in the db is exactly the same as the one being entered in the form. Do this by simply echo'ing out the hashed version of the password to the screen, and seeing if it matches the value in the db. Yes the password that was turned into md5 on the form matches that of the database Quote Link to comment Share on other sites More sharing options...
-Karl- Posted June 13, 2010 Share Posted June 13, 2010 Like mrMarcus said, echo out $newpass, or the query and see if it matches what is in the database. Quote Link to comment Share on other sites More sharing options...
-Karl- Posted June 13, 2010 Share Posted June 13, 2010 Edit: Wait Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Edit: Wait Nope changing if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'"))){ to if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'")) > 0){ did not make a difference. Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted June 13, 2010 Share Posted June 13, 2010 Your code is quite confusing in that it's all over the place. I noticed your username is stored in a different table than the password? Why is that? Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Your code is quite confusing in that it's all over the place. I noticed your username is stored in a different table than the password? Why is that? Nope the username is stored in the same table. If you read my code wrong, possibly i wrote on accident to check 2 different tables? Maby you know what i did wrong then? Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted June 13, 2010 Share Posted June 13, 2010 I definitely read your code right. Your first query you are checking the `cinos11_login_admin` table. The second query you are checking the `cinos11_login_user` table. I cannot tell you which one to use, but I'm pretty sure one of them is wrong. Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 I definitely read your code right. Your first query you are checking the `cinos11_login_admin` table. The second query you are checking the `cinos11_login_user` table. I cannot tell you which one to use, but I'm pretty sure one of them is wrong. Okay i changed it both to cinos11_login_admin. But i still cant get it to login. Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Heres a pic of the database structure: [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Is there anyone who can still help??? Here's what i got so far: function loginadminUser($user2,$pass2){ $errorText = ''; $validadminUser = false; // Check user existance require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php'); $conn = mysql_connect($host,$user,$pass) or die(mysql_error()); $db = mysql_select_db($database, $conn) or die("Invalid Database Settings"); $db; if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_login ='".$user2."'"))){ // User exists, check password $newpass = md5($pass2); //I need to get the pass to verify within this statement properly - this where i left off if(mysql_num_rows(mysql_query("SELECT user_login FROM cinos11_login_admin WHERE user_pass ='".$newpass."'"))){ $validadminUser = true; $_SESSION['userName'] = $user2; } } if ($validUser != true) $errorText = "Invalid username or password!"; if ($validadminUser == true) $_SESSION['validadminUser'] = true; if ($validadminUser == true) $_SESSION['validUser'] = true; else $_SESSION['validadminUser'] = false; return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass; } Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 13, 2010 Share Posted June 13, 2010 Is there anyone who can still help??? It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table? Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row. Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Is there anyone who can still help??? It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table? Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row. I've checked every value of the newpass and its the same as the database. Also i tried changing the code a little to make sure its checking the exact row. But i still cant get it to work. (Also i only currently have one user under the table) function loginadminUser($user2,$pass2){ $errorText = ''; $validadminUser = false; // Check user existance require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php'); $conn = mysql_connect($host,$user,$pass) or die(mysql_error()); $db = mysql_select_db($database, $conn) or die("Invalid Database Settings"); $db; $newpass = md5($pass2); if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."' "))){ $validadminUser = true; $_SESSION['userName'] = $user2; } else { $ohshit = 'oh shit no login'; } if ($validUser != true) {$errorText = "Invalid username or password!";} if ($validadminUser == true) {$_SESSION['validadminUser'] = true;} if ($validadminUser == true) {$_SESSION['validUser'] = true;} else $_SESSION['validadminUser'] = false; return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit; } So any fixes? Even the picture i posted a few posts back shows the database table Quote Link to comment Share on other sites More sharing options...
ignace Posted June 13, 2010 Share Posted June 13, 2010 I have been following this thread for a while now, really no-one noticed that $host, $user, and $pass are not defined in his function? -- nevermind. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 13, 2010 Share Posted June 13, 2010 Probably in - require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php'); nevermind as well. Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Is there anyone who can still help??? It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table? Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row. Well how about i put in everything i want to do: So first off i wanted to change the original coding of this file so it went from file to mysql instead: function loginadminUser($user,$pass){ $errorText = ''; $validadminUser = false; // Check user existance $pfile = fopen($_SERVER['DOCUMENT_ROOT']."/login/REMOVED.txt","r"); rewind($pfile); while (!feof($pfile)) { $line = fgets($pfile); $tmp = explode(':', $line); if ($tmp[0] == $user) { // User exists, check password if (trim($tmp[1]) == trim(md5($pass))){ $validadminUser= true; $_SESSION['userName'] = $user; } break; } } fclose($pfile); if ($validadminUser != true) $errorText = "Invalid username or password!"; if ($validadminUser == true) $_SESSION['validadminUser'] = true; if ($validadminUser == true) $_SESSION['validUser'] = true; else $_SESSION['validadminUser'] = false; return $errorText; } I ended up making the first table of cinos11_login_admin with the things inside as user_id user_name user_login user_pass user_email user_lastlogin user_registered I then wrote up this script by looking off the old one to be as close as possible to do what it did, but make it work off mysql instead: function loginadminUser($user2,$pass2){ $errorText = ''; $validadminUser = false; // Check user existance require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php'); $conn = mysql_connect($host,$user,$pass) or die(mysql_error()); $db = mysql_select_db($database, $conn) or die("Invalid Database Settings"); $db; $newpass = md5($pass2); if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."' "))){ $validadminUser = true; $_SESSION['userName'] = $user2; } else { $ohshit = 'oh shit no login'; } if ($validUser != true) {$errorText = "Invalid username or password!";} if ($validadminUser == true) {$_SESSION['validadminUser'] = true;} if ($validadminUser == true) {$_SESSION['validUser'] = true;} else $_SESSION['validadminUser'] = false; return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit; } I then now have no way of getting it to login as it used to. Quote Link to comment Share on other sites More sharing options...
cinos11 Posted June 13, 2010 Author Share Posted June 13, 2010 Is there anyone who can still help??? It's pretty much up to you at this point to determine why the values you are putting into your queries do not match the values in your database. Have you checked that every character in $newpass matches the value in your table? Also, because passwords are not unique (any number of your users could have used the same password), your second query could match anyones password, not the specific password that matches $user2. You need to match both the user_login and user_pass values in the same row. Well how about i put in everything i want to do: So first off i wanted to change the original coding of this file so it went from file to mysql instead: function loginadminUser($user,$pass){ $errorText = ''; $validadminUser = false; // Check user existance $pfile = fopen($_SERVER['DOCUMENT_ROOT']."/login/REMOVED.txt","r"); rewind($pfile); while (!feof($pfile)) { $line = fgets($pfile); $tmp = explode(':', $line); if ($tmp[0] == $user) { // User exists, check password if (trim($tmp[1]) == trim(md5($pass))){ $validadminUser= true; $_SESSION['userName'] = $user; } break; } } fclose($pfile); if ($validadminUser != true) $errorText = "Invalid username or password!"; if ($validadminUser == true) $_SESSION['validadminUser'] = true; if ($validadminUser == true) $_SESSION['validUser'] = true; else $_SESSION['validadminUser'] = false; return $errorText; } I ended up making the first table of cinos11_login_admin with the things inside as user_id user_name user_login user_pass user_email user_lastlogin user_registered I then wrote up this script by looking off the old one to be as close as possible to do what it did, but make it work off mysql instead: function loginadminUser($user2,$pass2){ $errorText = ''; $validadminUser = false; // Check user existance require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php'); $conn = mysql_connect($host,$user,$pass) or die(mysql_error()); $db = mysql_select_db($database, $conn) or die("Invalid Database Settings"); $db; $newpass = md5($pass2); if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."' "))){ $validadminUser = true; $_SESSION['userName'] = $user2; } else { $ohshit = 'oh shit no login'; } if ($validUser != true) {$errorText = "Invalid username or password!";} if ($validadminUser == true) {$_SESSION['validadminUser'] = true;} if ($validadminUser == true) {$_SESSION['validUser'] = true;} else $_SESSION['validadminUser'] = false; return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit; } I then now have no way of getting it to login as it used to. Quote Link to comment Share on other sites More sharing options...
ignace Posted June 13, 2010 Share Posted June 13, 2010 function loginadminUser($user2,$pass2){ $errorText = ''; $validadminUser = false; // Check user existance require($_SERVER['DOCUMENT_ROOT'].'/inc/db/db.php'); $conn = mysql_connect($host,$user,$pass) or die(mysql_error()); $db = mysql_select_db($database, $conn) or die("Invalid Database Settings"); $db; $newpass = md5($pass2); if(mysql_num_rows(mysql_query("SELECT user_login, user_pass FROM cinos11_login_admin WHERE user_login ='".$user2."' AND user_pass='".$newpass."' "))){ $validadminUser = true; $_SESSION['userName'] = $user2; } else { $ohshit = 'oh shit no login'; } if ($validUser != true) {$errorText = "Invalid username or password!";} if ($validadminUser == true) {$_SESSION['validadminUser'] = true;} if ($validadminUser == true) {$_SESSION['validUser'] = true;} else $_SESSION['validadminUser'] = false; return $errorText . '<br />'. $user2 .'<br />'. $pass2 .'<br />'. $newpass . '<br />' . $ohshit; } Seriously, this is a MESS. You can't be blamed for not being able to solve this problem, but using a tab-key or keeping your code clean isn't really that hard. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 13, 2010 Share Posted June 13, 2010 cinos11, you are the only person here who has access to your database, so you are the only person here who can troubleshoot what your code is doing and why the query does not match the values in your table. In my last post, I specifically asked if you had checked if the password values matched. You failed to answer that question and just posted more/different code. If you are not going to actually look at the data values to find out why your query is not matching anything, you can change your code all you want and it will never work. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 13, 2010 Share Posted June 13, 2010 Further to the above, since you have not provided any information about how you got the usernames/passwords into your database (i.e. you are the only person here who knows how you got to this point), I'm going to guess that you imported the values from your .txt file and the new-line characters that are on the end of each md5 password value in the .txt file (your previous working code was trim()'ing them) are now stored in the user_pass field in your table and your query won't ever match them because they should have been stripped off when the data was placed into the table. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.