incorrect password


hullcalendar

Hey guys, sorry this is a big chunk of code, but I'm not sure why my login form won't work. I know it connects properly, as my register form is working just fine, but for some reason when I try to log in I can't. Not sure if maybe it's something to do with md5 encryption. If anybody has a few minutes to look at this, that would be amazing!

<?php 
// Connects to your Database 
mysql_connect("localhost", "hullcale_admin", "zxcvbnm") or die(mysql_error()); 
mysql_select_db("hullcale_phplogin") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directs you to the members page
{ 
    $username = $_COOKIE['ID_my_site']; 
    $pass = $_COOKIE['Key_my_site'];
        $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check ))    
       {
       if ($pass != $info['password']) 
          {
                    }
       else
          {
          header("Location: members.php");

          }
       }
}

//if the login form is submitted 
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
    if(!$_POST['username'] | !$_POST['pass']) {
       die('You did not fill in a required field.');
    }
    // checks it against the database


if (!get_magic_quotes_gpc()) {
       $_POST['email'] = addslashes($_POST['email']);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
       die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
             }
while($info = mysql_fetch_array( $check ))    
{
$_POST['pass'] = stripslashes($_POST['pass']);
    $info['password'] = stripslashes($info['password']);
    $_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
    if ($_POST['pass'] != $info['password']) {
       die('Incorrect password, please try again.');
    }
else 
{ 

// if login is ok then we add a cookie 
     $_POST['username'] = stripslashes($_POST['username']); 
     $hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour); 
setcookie(Key_my_site, $_POST['pass'], $hour);    

//then redirect them to the members area 
header("Location: members.php"); 
} 
} 
} 
else 
{    

// if they are not logged in 
?> 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
<table border="0"> 
<tr><td colspan=2><h1>Login</h1></td></tr> 
<tr><td>Username:</td><td> 
<input type="text" name="username" maxlength="40"> 
</td></tr> 
<tr><td>Password:</td><td> 
<input type="password" name="pass" maxlength="50"> 
</td></tr> 
<tr><td colspan="2" align="right"> 
<input type="submit" name="submit" value="Login"> 
</td></tr> 
</table> 
</form> 
<?php 
} 

?>

 

MOD EDIT: code tags added.


There are problems in your script outside of your reported issue:

 

1. You first check if the user has credentials saved in a cookie and try to authenticate using that. If it fails you send them back to the login page. It is only if they don't have the cookie set that you check if credentials were POSTed. That means if their cookie becomes corrupted the user would be caught in an infinite loop since you would never check their POSTed values. Typically you would always check POSTed values first since they are the most recent.

 

2. You don't need two sections to check credentials anyway (cookie vs. POST). Just determine which credentials to use and have only ONE query. Otherwise if you need to make a change later you have to remember to change both queries.

 

3. Why do you have a while() loop when you should only have 1 record returned from the query, and why do you have an if/else statement with nothing in the if code block? Just reverse the logic in the if condition to test for failure and don't have an else.

 

4. This is incorrect. An OR condition is TWO pipes - ||

if(!$_POST['username'] | !$_POST['pass'])

 

5. You have a line to addslashes to the email value, but then don't do anything with it.

 

I could go on, but there is a lot wrong here. You need to step back. Plan out the logic and then build each piece one step at a time. Test it, fix it, then move on.
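
The restructuring the reply describes (POSTed values first, one query, no loop, `||`), as an added example that is not part of either post. It also replaces the string-built query with a prepared statement, and md5() plus the password cookie with password_hash()/password_verify() and session state. It assumes PDO with the SQLite driver and a users table whose password column holds password_hash() output; the in-memory database and the user are constructed for the demo.

```php
<?php
// Added example, not the poster's code. Assumes PDO (sqlite driver) and a
// users(username, password) table whose password column holds password_hash() output.

// One lookup for every login path: prepared statement, single fetch (no while loop).
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// POSTed credentials are checked first because they are the most recent;
// an existing session is consulted only when nothing was submitted.
function login(PDO $db, array $post, array &$session): string
{
    if (isset($post['submit'])) {
        $username = trim($post['username'] ?? '');
        $pass     = $post['pass'] ?? '';
        if ($username === '' || $pass === '') {   // logical OR, not bitwise |
            return 'missing_field';
        }
        $user = find_user($db, $username);
        // Test for failure and return early; unknown user and bad password look the same.
        if ($user === null || !password_verify($pass, $user['password'])) {
            return 'invalid_credentials';
        }
        $session['username'] = $user['username']; // server-side state, no hash in a cookie
        return 'ok';
    }
    if (isset($session['username']) && find_user($db, $session['username']) !== null) {
        return 'ok';
    }
    return 'show_form';
}

// Constructed demo data: in-memory database with one user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = [];   // stands in for $_SESSION after session_start()
var_dump(login($db, ['submit' => 'Login', 'username' => 'alice', 'pass' => 'wrong'], $session));
var_dump(login($db, ['submit' => 'Login', 'username' => "o'brien", 'pass' => 'x'], $session));
var_dump(login($db, ['submit' => 'Login', 'username' => 'alice', 'pass' => 'correct horse'], $session));
var_dump(login($db, [], $session));   // no POST: falls back to the session set above
```

In a real page `$session` is `$_SESSION` after `session_start()`, with `session_regenerate_id(true)` called on a successful login.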
