csmcgoo Posted November 22, 2010 Share Posted November 22, 2010 I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors? //Create query $qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['fname']; $_SESSION['SESS_LAST_NAME'] = $member['lname']; session_write_close(); header("location: key_catalog.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/ Share on other sites More sharing options...
jim_keller Posted November 22, 2010 Share Posted November 22, 2010 What behavior do you see? Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138043 Share on other sites More sharing options...
Pikachu2000 Posted November 22, 2010 Share Posted November 22, 2010 It would probably be helpful to post what is actually happening versus what you expect to happen, along with any errors/messages returned by the code. Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138044 Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 It goes to: login-failed.php Login Failed! Please check your username and password Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138045 Share on other sites More sharing options...
Pikachu2000 Posted November 22, 2010 Share Posted November 22, 2010 echo $qry; then compare the values in the query string manually to the values in the database by browsing the record in phpMyAdmin. Make sure the values are identical. Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138048 Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 Thanks for the advise... This is the password the echo shows: 6c322db5f141b4ed486dcf8b84b3011b This is the password in the database: f828c4d40a3657df7131f4979ad28c595e7f1c4b Not sure where to go from here... Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138058 Share on other sites More sharing options...
Pikachu2000 Posted November 22, 2010 Share Posted November 22, 2010 Since the echo is 32 characters, and the stored value is 40 characters, I'd venture a guess that it's a hashing method mismatch. More specifically, I'd bet that the value is inserted into the database with an SHA1 hash, in which case you'd need to use the same hashing algorithm to compare it. Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138060 Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 Thank you for the detailed explanation. Do you have any idea what I can do to fix it? Maybe "pass_hash_func"? I have no idea what any of that means Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138127 Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 Looks like i figured it out! Amazing what you can learn here. Thanks! changed: .md5 to .sha1 Link to comment https://forums.phpfreaks.com/topic/219489-login-code-issue/#findComment-1138139 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.