Having Login Issues

[desjardins2010]

I'm going to post two scripts my login.php and my register.php

 

problem is i'm always getting usernamepassword don't match i think something to do with md5 but can't figure out where... or why?

 

<?php



session_start();



$login = $_POST['login'];

$password = $_POST['password'];


if ($login&&$password)



{
$connect = mysql_connect("localhost","heaven","jefF0614") or die ("could not connect to server");

mysql_select_db("heaven_users") or die ("could not find database");



$query = mysql_query("SELECT * FROM members WHERE username='$login'");



$numrows = mysql_num_rows($query);



if($numrows!=0) 



{



while ($row = mysql_fetch_assoc($query))

{

$dbusername = $row['username'];

$dbpassword = $row['password'];

}



// check to see if they match

if($login==$dbusername&&$password==$dbpassword)

{

echo "Your In <a href='member.php'>click here to go to the member page</a>";

//start session

$_SESSION['username']=$login;

}

else 

echo "Incorrect Password/Username Combination";



}

else

die("That username dose not exist");





}

else

die ("Please enter a username and password");



?>

 

and register.php

<?php

//check for submit

$submit =$_POST['submit'];



//gather POST variable

$fullname =strip_tags($_POST['fullname']);

$email =strip_tags($_POST['email']);

$username =strip_tags($_POST['username']);



$password =strip_tags($_POST['password']);

$password2 =strip_tags($_POST['password2']);



if ($submit) 

{

//check that fields were filled in

if ($fullname&&$email&&$username&&$password&&$password2)

{


//check to see if our two password fields match	

if ($password==$password2) 


{
$password = md5($password);
// register the user

//open database
$connect = mysql_connect("localhost", "heaven", "jefF0614");
mysql_select_db("heaven_users");

//begine insert
$queryreg = mysql_query("INSERT INTO members VALUES ('','$fullname','$email','$username','$password')");

if ($queryreg) {

echo "Thanks, For Registering! Click <a href=\"index.php\">HERE</a>To Login!";

}


}

//otherwise if passwords don't match

else {

echo "<font color='red'>The passwords you entered do not match</font>";

//end of checking password	
}
}		
else {

echo "<font color='red'>Please enter all fields!</font>";

}
}
//end check for submit 



?>

[JakeTheSnake3.0]

Your login.php script isn't md5'ing the password when you compare the values retrieved from the database.  You're comparing the actual password with the md5 password stored in the database.  In any case, a better way of retrieving a result from the database would be to include the md5'ed password in the query and only return a single result.  If no results are returned, the user/pass combo didn't work.

[desjardins2010]

snipplet example? cause I tried to in the login.php file after setting the _POST varibles to then take the $password and

 

$password =md5($password);

 

that didn't change anything

[JakeTheSnake3.0]

echo your $password and $dbpassword to see what you're getting from both the form input and the database.  If they're different, you know something's up.

[OOP]

Hi there,

 

The below should fix it

[code=php:0]
<?php
# Start Session
session_start ();

# Get user's inputs
$login = $_POST ['login'];
$password = md5 ( $_POST ['password'] );

# Do we have all required info?
if ($login && $password) {
$connect = mysql_connect ( "localhost", "heaven", "jefF0614" ) or die ( "could not connect to server" );
mysql_select_db ( "heaven_users" ) or die ( "could not find database" );
$query = mysql_query ( "SELECT * FROM members WHERE username='$login'" );
$numrows = mysql_num_rows ( $query );

if ($numrows != 0) {
	while ( $row = mysql_fetch_assoc ( $query ) ) {
		$dbusername = $row ['username'];
		$dbpassword = $row ['password'];
	}

	// check to see if they match
	if ($login == $dbusername && $password == $dbpassword) {
		echo "Your In <a href='member.php'>click here to go to the member page</a>";
		//start session
		$_SESSION ['username'] = $login;
	} else {

		echo "Incorrect Password/Username Combination";
	}
} 

else {

	die ( "That username dose not exist" );
}
} 

else {

die ( "Please enter a username and password" );
}
?>

[/code]

[desjardins2010]

I would agree with that statment and tired that i don't get why it's not working.. that code plugged in does the same thing incorrect/mismatch???

[JakeTheSnake3.0]

You NEED to ECHO what you're retrieving from the database!  Otherwise how are you supposed to know what's going wrong?

[OOP]

Do one thing as requested by JakeTheSnake3.0. Try to print the two values and see what you get.

[desjardins2010]

ok so this code

echo ($dbpassword)."<BR>";

echo ($password);

 

returns this

 

a8967cdb80c6538

a8967cdb80c6538c99d13cb01f870c63

 

where the c99.... coming from?

[JakeTheSnake3.0]

Perhaps the password you used to originally register is different from what you're using now?  On your register.php form echo the $password variable just before you md5 it to verify what's being put into the md5 function.

[desjardins2010]

in register.php I'm entering a password of 0614jef and it echos 0614jef then would encypt it to be md5, values in login should be matching this kinda makes no sence?

[OOP]

What is the type of the password column in you database table. It looks like the rest of the value is trimmed because the length of the password column is not enough.  make sure that the length of the password column is 32 if you want to use the MD5

[desjardins2010]

AHHHHHH your great man thanks alot... that works like a dream I had it set to 15 char