Login page just refreshes.

[xyph]

Your password is probably being truncated by the database.

 

What kind of column do you use to store it?

[batstanggt]

Im thinking maybe I should just pack these scripts in and start fresh or is that a lil premature?

If you think it might be worth my time to scrap it and start over with a different script/ template of a register/ login system could you please tell me where I can get one that you know works for sure?

-SB

 

[batstanggt]

What do you mean by , and how would a password become truncated in the database?

And if youre talking about what i think you are as far as the column is concerned, VARCHAR (32)...

Let me know if this is or isnt what you were talking about. Thanx xyph.

-SB

 

[batstanggt]

Im wondering too if possibly this....

 

 $password = md5($_POST['password']); 

 

 

should be this? 

 $password = (md5($_POST['password'])); 

-SB

 

[xyph]

No need to bump so soon.

 

What kind of column holds the password in your database? The password could have been truncated.

 

Try selecting and echo'ing all the user data, then echo that password you expect it to be. They may not be the same.

[Pikachu2000]

We've already been through all of this, and you've already told us the password doesn't match what's in the database. Several suggestions have been made to troubleshoot this. What have you done to debug it on your own?

[xyph]

VARCHAR(32) should be enough for an md5

 

On your login page, as a debugger, rather than select

WHERE `user` = $user AND `pass` = $pass

 

Just use

WHERE `user` = $user

 

Then echo the password from teh database beside the password you just hashed from the login form.

[batstanggt]

Nothn because im new to all this and I dont know how to debug it on my own or I wouldnt be asking for help. I dont mean to seem snarky but believe me if I was able to resolve this on my own I would. I did however inquire as to wether or not putting the brackets around the md5 as well as the "password" when declaring the variables at the beggining of the script but i dont think anyone commented on that yet. I honestly just dont wanna tamper with the script too much because then ill have to repost it each time and im sure a very small change could totally change the dynamics of the script and thus advice given for the script i posted may no longer be pertinent if i butcher it all to hell first. I do appreciate everyones help dont get me wrong and I apologize if Im painfully green to php and scripting in general. I  hope people continue to offer ideas and advice as it is very very much appreciated.

-SB

[batstanggt]

Thanks for the tip xyph I will deffinitely try this but I know100% that the passwords dont match so is that basically what this command will achieve? Checking if they match?

-SB 

[xyph]

You can see if they're totally different, if something's been truncated, or if they're the same, with maybe a white space.

[PFMaBiSmAd]

Perhaps if you posted what the actual password is, what the md5 value in the database table is, and what the md5 value is when you echo it in the log in code, someone could pin down what is going on. That would allow someone to determine which md5 value is actually correct and what is causing the wrong one (such as an empty $_POST variable.)

 

I suspect the reason that the echoed md5 value from the log in code is different from the value in the database table is actually due to your log in code being requested without any $_POST data (it's not checking if a form was submitted at all or validating the data in any way before using it.) What got me thinking of this is something that Andy11548 posted -

 

Check your 'memberspage.php' for any redirection to 'login.html'/'login.php'.

 

What if the log in code IS 'working' and is including the  memberspage.php code, but something in that code is causing the page to be requested again without any post data. That would cause the log in form to be redisplayed and the md5 value that is being echoed would be what corresponds to an empty password.

[batstanggt]

OK good thinking because the login html is "included" in this file but to the best of my limited understanding its only is no username is entered? 

 

<?

session_start();

if ( empty( $username ) ) {

    print "Please login below!";

    include 'login.html';

} else {

?>

<html>
<head>
<title>MEMBERS ONLY</title>
</head>
<body>
Your Members Page....<img src="apicture.jpg" />
</body>
</html>

<?
}
?>

[PFMaBiSmAd]

So, the code you just posted above is what is in the memberspage.php file?

 

What about the password and two md5 values? Most of what I suggested as a possible cause of the symptom is based on which md5 value is the correct one that corresponds to the password and if the incorrect md5 value corresponds to an empty password value. Without this specific information that you saw in front of you when you were troubleshooting the problem, this thread will just go on and on and on...

[batstanggt]

PFM or anyone wanna explain then to me where i need to insert the command that tells me which is the right md5 password?

-SB

[PFMaBiSmAd]

<?php

echo md5('your_actual_password_inbetween_these_single_quotes'); // echo the md5 value of some password

?>

[batstanggt]

IT WORKS! Im not sure what exactly I did but it works now. THANK YOU SO MUCH TO EVERYONE WHO CONTRIBUTED TO THIS THREAD AND ULTIMATELY THE RESOLVING OF MY ISSUE. I apologize for at times being so persistent but sad to say that was a few weeks in the making and so as Im sure as many of you can relate when youre stuck on something for that long you just want nothing more than to get past it. Thanks again!

Im sure it wont be long before you guys hear from me. (Im sure everyone is thrilled.) lol.

-SB