HDFilmMaker2112 Posted June 26, 2011 Share Posted June 26, 2011 The below is giving an error, saying that the password is incorrect. I know for a fact it's correct. <?php if(isset($_SESSION['myusername2']) && isset($_SESSION['mypassword3'])){ $content.=' <div class="main"> <div class="main_header">Admin CP</div> </div> '; } else{ $content=' <table class="actors_table"> <tr> <td align="center">'; if(isset($_GET['e']) && $_GET['e']=="0") { $content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>'; } else{ $content .=""; } $content .='Re-Type your password to view this information: <form action="./adminlogin.php" method="post"> <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p> <p>Password: <input type="password" name="password" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </td> </tr> </table> '; } ?> <?php require_once 'db_select.php'; require_once 'func.php'; session_start(); // username and password sent from form $myusername=sanitize($_POST['username']); $mypassword=sanitize($_POST['password']); $check_details="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'"; $details_result=mysql_query($check_details); // Mysql_num_row is counting table row $count_details=mysql_num_rows($details_result); // If result matched $myusername and $mypassword, table row must be 1 row if($count_details==1){ $_SESSION['mypassword3']=$mypassword; header("location:index.php?usercp"); } else{ header('Location:./index.php?admincp&e=0'); } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted June 26, 2011 Share Posted June 26, 2011 So you are storing your password in plain text? Quote Link to comment Share on other sites More sharing options...
HDFilmMaker2112 Posted June 26, 2011 Author Share Posted June 26, 2011 So you are storing your password in plain text? No they are hashed I just removed it from what I posted here. Quote Link to comment Share on other sites More sharing options...
HDFilmMaker2112 Posted June 26, 2011 Author Share Posted June 26, 2011 I cut it down to this, and it logs in once, but if you click away from the page and come back, the form comes up again, as if the session was never set. <?php require_once 'func.php'; session_start(); $_SESSION['mypassword3']=kam3($_POST['password']); if(isset($_SESSION['myusername2']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){ $content.=' <div class="main"> <div class="main_header">Admin CP</div> </div> '; } else{ $content=' <table class="actors_table"> <tr> <td align="center">'; if(isset($_GET['e']) && $_GET['e']=="0") { $content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>'; } else{ $content .=""; } $content .='Re-Type your password to view this information: <form action="" method="post"> <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p> <p>Password: <input type="password" name="password" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </td> </tr> </table> '; } ?> Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 26, 2011 Share Posted June 26, 2011 Have you checked what your code, variables, and data are doing? You are the only one here who has access to your code and database on your server and you are the only one here who can troubleshoot what your code, variables, and data are doing. What value is in $count_details? If it is not 1 like you expect, why not echo/var_dump it and see what value it actually is? What is in $details_result, a FALSE because the query failed due to an error or a result resource? Is the query in $check_details what you expect and is the username/password data in your database table the same as what is in the query? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted June 26, 2011 Share Posted June 26, 2011 print_r() your $_POST and $_SESSION arrays and look at the output to see if there's any reason for a conditional not to do what you'd expect it to do. Quote Link to comment Share on other sites More sharing options...
HDFilmMaker2112 Posted June 26, 2011 Author Share Posted June 26, 2011 Have you checked what your code, variables, and data are doing? You are the only one here who has access to your code and database on your server and you are the only one here who can troubleshoot what your code, variables, and data are doing. What value is in $count_details? If it is not 1 like you expect, why not echo/var_dump it and see what value it actually is? What is in $details_result, a FALSE because the query failed due to an error or a result resource? Is the query in $check_details what you expect and is the username/password data in your database table the same as what is in the query? Looks like: echo $details_result; = a resource id echo $count_details; = 0 Quote Link to comment Share on other sites More sharing options...
HDFilmMaker2112 Posted June 26, 2011 Author Share Posted June 26, 2011 print_r() your $_POST and $_SESSION arrays and look at the output to see if there's any reason for a conditional not to do what you'd expect it to do. The hashed passwords mypassword2 and mypassword3 have different values. Once I log-in each time they're identical, click to another page, and come back to the form, they're different again. I think it's because the POST is assigning to the mypassword3 session outside the if statement, so therefore when come back to the page after clicking away, it's a hashing a blank entry thus giving a different hashed value. Quote Link to comment Share on other sites More sharing options...
HDFilmMaker2112 Posted June 26, 2011 Author Share Posted June 26, 2011 Alright, now it works briefly. I can log-in, click a few links come back, and it's fine. Click a few more and come back, and it's now the log-in form again. It's like the session last for about 15 seconds. EDIT: Got it. Thanks for the help. <?php require_once 'func.php'; session_start(); print_r($_SESSION); if(isset($_SESSION['myusername2']) && kam3($_POST['password'])==$_SESSION['mypassword2'] || isset($_SESSION['myusername2']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){ if(!empty($_POST['password'])){ $_SESSION['mypassword3']=kam3($_POST['password']); } $content.=' <div class="main"> <div class="main_header">Admin CP</div> </div> '; } else{ $content=' <table class="actors_table"> <tr> <td align="center">'; if(isset($_GET['e']) && $_GET['e']=="0") { $content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>'; } else{ $content .=""; } $content .='Re-Type your password to view this information: <form action="" method="post"> <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p> <p>Password: <input type="password" name="password" /></p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </td> </tr> </table> '; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.