TheSky Posted April 2, 2011 Share Posted April 2, 2011 hello agen i got problem using login php in database i have stored passwords as *4D5FC004C2D5AE0B5513693AD1B271F8A2A92CEC (i think its hash inserted as password) case is that it dont read password :/ kinda strange, any help will be welcome <? session_start(); if(isset($_GET['reg'])){ $reg=$_GET['reg']; }else{ $reg=""; } if($reg==1){ $msg1="<font color=\"#FF0000\"><b>Your details have been added, please login</b></font>"; }elseif($reg==2){ $msg1="<font color=\"#FF0000\"><b>You have been successfully logged out.</b></font>"; } if(isset($_POST['submit'])){ if( empty($_POST['uname']) && (empty($_POST['upass']))){ header( "Location:Messages.php?msg=1" ); exit(); } //transfer to shorter var $n=$_POST['uname']; $p=$_POST['upass']; //connect to db include('config.php'); $query="select * from user where uname='$n' and pw='$p' "; $result=mysql_query($query); $num=mysql_num_rows($result); if($num>0 ){ //put in session vars $mytime=time(); $mytime=date("H:i:s A",$mytime); $_SESSION['time'] = $mytime; $_SESSION['status'] = 'logged'; $_SESSION['username'] = $n; //goto next page header("location:welcome.php"); exit; }else{ $_SESSION['status'] = 'not logged'; header( "Location:Messages.php?msg=2" ); exit(); } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/Auth.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styleLog.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="7" cellpadding="0"> <tr class="temptitle"> <td><!-- InstanceBeginEditable name="EditRegion4" -->Login<!-- InstanceEndEditable --></td> </tr> <tr> <td><!-- InstanceBeginEditable name="EditRegion3" --> <form name="form1" method="post" action="login.php"> <table width="81%" border="0" align="center" cellpadding="0" cellspacing="3"> <tr class="listtop"> <td colspan="3">Login Status:<? if(isset($msg1)){ echo "$msg1"; }?></td> </tr> <tr> <td width="9%">Username</td> <td width="41%"><input name="uname" type="text" id="uname" size="50"></td> </tr> <tr> <td>Password</td> <td><input name="upass" type="password" id="upass" size="50"></td> </tr> <tr> <td colspan="2"><div align="center"><a href="password.php">Forgotten your password?</a>|<a href="register.php">Register</a> </div></td> </tr> <tr> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr> <td><div align="center">Copyright 2005 </div></td> </tr> </table> </body> <!-- InstanceEnd --></html> Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/ Share on other sites More sharing options...
gristoi Posted April 2, 2011 Share Posted April 2, 2011 You will never get a result as $p Dosent equals what is in the database. The password stored looks like a sha1 hash. So you need to hash the password with same encryption: $p =$_POST['upass']; $p = sha1($p); Then search the database. Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195860 Share on other sites More sharing options...
Jnerocorp Posted April 2, 2011 Share Posted April 2, 2011 or you could also just do $p = sha1($_POST['upass']); Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195881 Share on other sites More sharing options...
TheSky Posted April 2, 2011 Author Share Posted April 2, 2011 i was using it but i get same results $p = sha1($_POST['upass']); i get *FBF03E4A22BC2A25D0E1A41EC68C6DA but it cant read it on sh1 or md5 i get same hash even i dont use any, kinda strange Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195921 Share on other sites More sharing options...
Jnerocorp Posted April 2, 2011 Share Posted April 2, 2011 can you post the registrastion page code? Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195951 Share on other sites More sharing options...
jamesjmann Posted April 2, 2011 Share Posted April 2, 2011 In my opinion Your code iS poorly written/organized. I would use a nice switch statement to handle the script Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195956 Share on other sites More sharing options...
TheSky Posted April 2, 2011 Author Share Posted April 2, 2011 this is registration page <?php if(isset($_POST['Submit'])){ //NEED TO CHECK IF FIELDS ARE FILLED IN if( empty($_POST['name']) && (empty($_POST['email']))){ header("Location:Messages.php?msg=3"); exit(); } if( empty($_POST['pw1']) && (empty($_POST['pw2']))){ header( "Location:Messages.php?msg=4" ); exit(); } $name=$_POST['name']; $email=$_POST['email']; $NR=$_POST['NR']; $pw1=$_POST['pw1']; $pw2=$_POST['pw2']; //password control if("$pw1" !== "$pw2" ){ header( "Location:Messages.php?msg=5" ); exit(); } $ip = $_SERVER['REMOTE_ADDR']; //connect to the db server , check if uname exist include('config.php'); $query=("Select * from user where uname='$name'"); $result= mysql_query($query); $num=mysql_num_rows($result); if ($num > 0) { header( "Location:Messages.php?msg=6" ); exit(); }else{ //encrypt password //$password0 = md5($_POST['pw1']); //if username does not exist insert user details $query=( "INSERT INTO user (uname, pw,email,NR,date_joined,ip,level) VALUES ('$name',password('$pw1'),'$email','$NR',NOW(),'$ip','Normal')"); if (@mysql_query ($query)) { header("location:login.php?reg=1"); exit; } } mysql_close(); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/Auth.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Registration</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styleLog.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="7" cellpadding="0"> <tr class="temptitle"> <td><!-- InstanceBeginEditable name="EditRegion4" -->New User Registration <!-- InstanceEndEditable --></td> </tr> <tr> <td><!-- InstanceBeginEditable name="EditRegion3" --> <form name="form1" action="register.php" method="post"> <table width="657" border="0"> <tr> <td width="122"><div align="left">Name</div></td> <td width="525"><input name="name" type="text" size="40"></td> </tr> <tr> <td><div align="left">number</div></td> <td><input name="NR" type="text" size="40"></td> </tr> <tr> <td><div align="left">Email</div></td> <td><input name="email" type="text" size="40"></td> </tr> <tr> <td><div align="left">Password</div></td> <td><input name="pw1" type="password" size="40"></td> </tr> <tr> <td ><div align="left">Confirm Password </div></td> <td><input name="pw2" type="password" size="40"></td> </tr> <tr> <td></td> <td> <input name="Submit" type="submit"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr> <td><div align="center">Copyright 2005 </div></td> </tr> </table> </body> <!-- InstanceEnd --></html> Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195964 Share on other sites More sharing options...
Pikachu2000 Posted April 2, 2011 Share Posted April 2, 2011 Your INSERT query uses MySQL's PASSWORD() function, which it should not. Use an SHA1 hash both when you insert the password, and when you compare the form field to it upon login. Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195967 Share on other sites More sharing options...
TheSky Posted April 2, 2011 Author Share Posted April 2, 2011 So i did use for sending and geting password with SHA1 but should i use in database table pw ( varchar ) or other type anyway i got Length/Values1 ( 32 ) forgive me if im wrong im some kind beginer on mysql and php Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195984 Share on other sites More sharing options...
Pikachu2000 Posted April 2, 2011 Share Posted April 2, 2011 If you're going to use SHA1, make the field's data type CHAR(40). Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1195986 Share on other sites More sharing options...
Jnerocorp Posted April 2, 2011 Share Posted April 2, 2011 change $query=( "INSERT INTO user (uname, pw,email,NR,date_joined,ip,level) VALUES ('$name',password('$pw1'),'$email','$NR',NOW(),'$ip','Normal')"); to $pw1 = md5($pw1); $query=( "INSERT INTO user (uname, pw,email,NR,date_joined,ip,level) VALUES ('$name','$pw1','$email','$NR',NOW(),'$ip','Normal')"); in the comments it says its going to do an md5 encrtyption change md5 to sha1 if u want it to be sha1 encryption Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1196007 Share on other sites More sharing options...
TheSky Posted April 3, 2011 Author Share Posted April 3, 2011 thank you all for your support i got it working Quote Link to comment https://forums.phpfreaks.com/topic/232490-login-fail-any-help-will-be-welcome/#findComment-1196166 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.