ObscureMind Posted June 3, 2011

Hi there, I am building a website to show to my school, but I am having some problems with the login. Here is the script.

index.php

```php
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>YouPhoto::Bem-Vindo</title>
<link href="yp.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
include("config.php");
$ligacao = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db_db);

// determine how many users are registered
$sql = "SELECT COUNT(u_id) AS cnt FROM users";
$res = mysql_query($sql) or die(mysql_error($ligacao));
$reg = mysql_fetch_array($res);
$cnt = $reg['cnt'];

// finish session
if($_GET['accao'] == 'logout')
    unset($_SESSION['login']);

// validate session
if($_POST['finicia']) {
    $u_login = $_POST['fu_login'];
    $u_pass  = $_POST['fu_pass'];
    $sql = "SELECT u_nome, u_sit, u_id, u_nivel FROM users WHERE u_login = '$u_login' AND u_pass = PASSWORD('$u_pass')";
    $res = mysql_query($sql);
    if(mysql_num_rows($res) > 0) {
        // a user was found and validated
        $reg = mysql_fetch_array($res);
        $_SESSION['login'] = true;
        $_SESSION['user']  = $u_login;
        $_SESSION['nome']  = $reg['u_nome'];
        $_SESSION['sit']   = $reg['u_sit'];
        $_SESSION['uid']   = $reg['u_id'];
        $_SESSION['nivel'] = $reg['u_nivel'];
    } else
        $erro_login = "User or password wrong!";
}
?>
<div align="center"><img src="img/logo60x60.png" width="60" height="60" /></div>
<h1>YouPhoto</h1>
<div align="right">
<?php if($_SESSION['login'] == false) { ?>
    <a href="registo.php">Register</a><br />
<?php }
echo "$cnt registrated users! <br />";
if($_SESSION['login'] == true) {
    echo "Bem vindo, " . $_SESSION['nome']; ?>
    <a href="perfil.php">Profile</a> |
    <?php if($_SESSION['nivel'] == '2') { ?><a href="moderador.php">Moderator</a> | <?php } ?>
    <a href="index.php?accao=logout">End Session</a>
<?php } ?>
</div>
<?php if($_SESSION['login'] == false) { ?>
<div class="login">Login: <?php echo $erro_login; ?>
<form id="frm_login" name="frm_login" method="post" action="index.php">
<p>User: <input name="fu_login" type="text" id="fu_login" value="<?php echo $u_login; ?>" size="24" maxlength="50" /> <br />
Pass: <input name="fu_pass" type="password" id="fu_pass" size="8" maxlength="8" />
<input type="submit" name="finicia" id="finicia" value="Login" /></p>
</form>
</div>
<?php } ?>
<p align="center">youphoto@sapo.pt</p>
<?php mysql_close($ligacao); ?>
</body>
</html>
```

Register.php

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>YP::Registo de Utilizador</title>
<link href="yp.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div align="center"><img src="img/logo60x60.png" width="60" height="60" /></div>
<h1>Registo de Utilizador</h1>
<div align="right"><a href="index.php">Voltar</a></div>
<?php
include("config.php");

// Swift e-mail sender: load in the files we'll need
require_once "lib/Swift.php";
require_once "lib/Swift/Connection/SMTP.php";

$ligacao = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db_db);

$completo = false;
if($_POST['fenvia']) {
    $u_login = $_POST['fu_login'];
    $u_nome  = $_POST['fu_nome'];
    $u_pass1 = $_POST['fu_pass1'];
    $u_pass2 = $_POST['fu_pass2'];
    $erro = false;

    // test the data
    if(empty($u_login)) {
        echo "e-mail not writen!";
        $erro = true;
    } else if(strlen($u_nome) < 10) {
        echo "Name has to have at least 10 chars!";
        $erro = true;
    } else if(empty($u_pass1) or strcmp($u_pass1, $u_pass2) != 0) {
        echo "Password are difrent!";
        $erro = true;
    } else if(strlen($u_pass1) < 6 or strlen($u_pass1) > 8) {
        echo "The password has to have between 6 and 8 characters!";
        $erro = true;
    }

    // verify the e-mail on the database (only tests if the form is correct)
    if(!$erro) {
        $sql = "SELECT u_id FROM users WHERE u_login = '$u_login'";
        $res = mysql_query($sql) or die(mysql_error($ligacao));
        if(mysql_num_rows($res) > 0) {
            echo "the email $u_login already exist!";
            $erro = true;
        }
    }

    // insert the user on the database
    if($erro == false) {
        $sql = "INSERT INTO users (u_login, u_nome, u_pass) VALUES ('$u_login', '$u_nome', PASSWORD('$u_pass1'))";
        $res = mysql_query($sql) or die(mysql_error($ligacao));
        $u_id = mysql_insert_id($ligacao);
        echo "Registered <br />";
        echo "$u_nome - $u_login <br />";
        echo "a message was sent to $u_login to confirm register <br />";
        $completo = true;

        // send an e-mail to the user to confirm the registration
        $assunto = "YouPhoto: Confirmação de Registo";
        $mensagem = "Caro(a), $u_nome <br />
Deverá confirmar o seu registo no site YouPhoto, clicando no link em baixo: <br /> <br />
<a href=\"http://nmbm.servehttp.com/youphoto/reg_conf.php?u_id=$u_id&u_login=$u_login\">Confirmação</a> <br /> <br />
A equipa do YouPhoto <br />
youphoto@sapo.pt<br />
http://nmbm.servehttp.com/youphoto<br /> <br />
<img src=\"http://nmbm.servehttp.com/youphoto/img/yp-logo.png\" width=\"120\" />";
        $remetente =& new Swift_Address('youphoto@sapo.pt', 'YouPhoto');

        // start Swift
        $smtp =& new Swift_Connection_SMTP("mx.sapo.pt");
        $smtp->setUsername("youphoto@sapo.pt");
        $smtp->setPassword("Y0uPh0t0");
        $swift =& new Swift($smtp);
        $message =& new Swift_Message($assunto, $mensagem);
        $message->setContentType("text/html");

        // now check if Swift actually sends it
        if($swift->send($message, $u_login, $remetente)) {
            echo "<br />Mensage sent <br />";
        } else
            echo "Failed";
    }
}
if($completo == false) {
?>
<form id="frm_registo" name="frm_registo" method="post" action="registo.php">
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
  <td width="160"> </td>
  <td width="140"><label>Email:</label></td>
  <td><input name="fu_login" type="text" id="fu_login" value="<?php echo $u_login; ?>" size="50" maxlength="50" /></td>
</tr>
<tr>
  <td width="160"> </td>
  <td width="140"><label>Name:</label></td>
  <td><input name="fu_nome" type="text" id="fu_nome" value="<?php echo $u_nome; ?>" size="50" maxlength="50" /></td>
</tr>
<tr>
  <td width="160"> </td>
  <td width="140"><label>Password:</label></td>
  <td><input name="fu_pass1" type="password" id="fu_pass1" size="8" maxlength="8" /></td>
</tr>
<tr>
  <td width="160"> </td>
  <td width="140"><label>Confirm:</label></td>
  <td><input name="fu_pass2" type="password" id="fu_pass2" size="8" maxlength="8" /></td>
</tr>
<tr>
  <td> </td>
  <td> </td>
  <td><input type="submit" name="fenvia" id="fenvia" value="Send" /></td>
</tr>
</table>
</form>
<?php
}
mysql_close($ligacao);
?>
</body>
</html>
```

I would appreciate it if anybody could help. The error is that whether I put in the right password or the wrong one, it always shows that the password is wrong.
revraz Posted June 3, 2011

We can't read it like that.
ObscureMind (Author) Posted June 3, 2011

I'm sorry, I used the wrong bbcode.
WebStyles Posted June 3, 2011

There are several things that could be improved in your code.

1. You should really consider using some sort of hash for your passwords, even if it's just md5(). If you want to make it even more secure, add some salt.
2. When you grab the inserted username and password, use trim($_POST['fu_pass']) to clean the input.

Things you can check:

1. If the problem is when logging in, then the file register.php has nothing to do with it, since the login function and form are both in index.php.
2. I'm assuming you have inserted a username and password manually into the database for testing purposes. Use a simple password like 123 to test first, just so you can be absolutely sure you're typing it correctly.
3. I'm assuming you do not allow duplicate usernames (?). Your login SQL statement could be limited to 1.
4. You're grabbing all info from the database where user = $user and pass = $pass, so if nothing is returned, how do you know it was a wrong password and not a wrong username? Consider grabbing all info where user = $user and then comparing the password.

Try these first, and you should find the problem; otherwise, post your results and I'll have another look at it. Hope this helps.
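Points 1 and 4 above carried into working code, as an added example that is not part of the thread or of the author's site: the index.php login rewritten to fetch the row by u_login alone and compare the password in PHP, using password_hash()/password_verify() (PHP 7.1+ for the syntax used here) in place of both the md5()-plus-salt suggested above and MySQL's PASSWORD(), and PDO prepared statements in place of mysql_query(). It assumes an already-open PDO connection $pdo to the thread's `users` table (columns u_id, u_login, u_nome, u_sit, u_nivel, u_pass) and that session_start() has already run, as in the original index.php.

```php
<?php
// Added example, not the original poster's code. Assumes $pdo is an open PDO
// connection (ERRMODE_EXCEPTION) to the thread's `users` table and that
// session_start() has run. Three changes versus the posted index.php:
//  1. u_pass holds a salted password_hash() value, not PASSWORD() output;
//  2. the row is fetched by u_login only and the hash checked in PHP, so an
//     unknown login and a bad password are distinguishable server-side;
//  3. every query is a prepared statement: form input is never SQL text.

// Registration side (registo.php): store a salted hash instead of PASSWORD().
function registerUser(PDO $pdo, string $login, string $nome, string $plain): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (u_login, u_nome, u_pass) VALUES (:login, :nome, :pass)');
    $stmt->execute([':login' => $login, ':nome' => $nome,
                    ':pass'  => password_hash($plain, PASSWORD_DEFAULT)]);
    return (int) $pdo->lastInsertId();
}

// Login side (index.php): look the account up by login only, then verify.
// Returns the user row (minus the hash) on success, or null. The caller shows
// one generic message either way; which half failed is logged server-side
// only, so the login form does not reveal which logins exist.
function authenticate(PDO $pdo, string $login, string $plain): ?array
{
    $login = trim($login);
    $stmt = $pdo->prepare(
        'SELECT u_id, u_login, u_nome, u_sit, u_nivel, u_pass
           FROM users WHERE u_login = :login LIMIT 1');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        error_log('login failed: unknown login ' . bin2hex($login)); // hex: no log injection
        return null;
    }
    if (!password_verify($plain, $row['u_pass'])) {
        error_log("login failed: bad password for u_id {$row['u_id']}");
        return null;
    }
    // Re-hash transparently if the default algorithm or cost has changed.
    if (password_needs_rehash($row['u_pass'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET u_pass = :pass WHERE u_id = :id');
        $upd->execute([':pass' => password_hash($plain, PASSWORD_DEFAULT),
                       ':id'   => $row['u_id']]);
    }
    unset($row['u_pass']);   // the hash never goes into the session
    return $row;
}

// Glue matching the original form fields (fu_login, fu_pass, finicia).
if (!empty($_POST['finicia'])) {
    $user = authenticate($pdo, $_POST['fu_login'] ?? '', $_POST['fu_pass'] ?? '');
    if ($user !== null) {
        session_regenerate_id(true);    // new session id once privilege changes
        $_SESSION['login'] = true;
        $_SESSION['uid']   = $user['u_id'];
        $_SESSION['nome']  = $user['u_nome'];
        $_SESSION['nivel'] = $user['u_nivel'];
    } else {
        $erro_login = 'User or password wrong!';
    }
}
```

u_pass must be wide enough for a 60-character bcrypt hash (PASSWORD() output is 41), so a VARCHAR(255) column avoids the truncation asked about further down the thread. With hashing in place, the maxlength="8" on the password inputs can go as well.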
ObscureMind (Author) Posted June 3, 2011

> There are several things that could be improved in your code. 1. You should really consider using some sort of hash for your passwords, even if it's just md5(). If you want to make it even more secure, add some salt.

I'm using PASSWORD on the SQL statement, which encodes it.

> 2. When you grab the inserted username and password, use trim($_POST['fu_pass']) to clean the input.

Already tried it, and the error is the same; it says wrong password or username.

> 2. I'm assuming you have inserted a username and password manually into the database for testing purposes. Use a simple password like 123 to test first, just so you can be absolutely sure you're typing it correctly. 3. I'm assuming you do not allow duplicate usernames (?). Your login SQL statement could be limited to 1.

I have not entered it manually; I registered, and it went OK. The data written to the database looks like this: u_nome: killaruna123, u_password: *46ED8E4256C4A048A29199E4B3D8B22448D5ED53. And you were right, I am not allowing duplicated usernames, and I do not know if the error is in the username or the password. The error persists.
WebStyles Posted June 3, 2011

MySQL PASSWORD() hashes are 41 bytes (I think). How big is your password field in the database? Maybe it's being truncated? I still believe you should be testing this with a simple password first. Also remove the password() function and insert 123 in the database as the password to test, just so you can figure out where the problem is.
ObscureMind (Author) Posted June 3, 2011

> MySQL PASSWORD() hashes are 41 bytes (I think). How big is your password field in the database? Maybe it's being truncated? I still believe you should be testing this with a simple password first. Also remove the password() function and insert 123 in the database as the password to test, just so you can figure out where the problem is.

The field in the database is 100, so it's not from that. I've tested without the PASSWORD and wrote 1234 on the database, and the error persists.
ObscureMind (Author) Posted June 3, 2011

Found the problem. The query is wrong: instead of picking the username, it's picking the email.
WebStyles Posted June 3, 2011

Told you your script is badly written, because it does not distinguish between what's a password error and what's a username error. Glad you finally solved it.
ObscureMind (Author) Posted June 3, 2011

Thanks for the help.