dyr Posted May 26, 2012

Hi all, I've stumbled over a bug which I'm not sure how to fix. For some reason, my login code is messed up? If I enter the username and password correctly, nothing happens and I log in. Yet if I enter a wrong password, it tells me my password is wrong (like it should) yet changes the database password to something random? So neither what I just typed nor the actual password is correct... any help with this?

Here's the basic login code, without anything sanitized and whatnot:

```php
<?php
if($loggedin == '0')
{
    if(isset($_POST['submit']))
    {
        // Make sure all forms were filled out.
        if((!isset($_POST['username'])) || (!isset($_POST['pass'])) || ($_POST['username'] == '') || ($_POST['pass'] == ''))
            die("Please fill out the form completely. <br><br> <a href=index.php>Continue</a>");

        // Get user's record from database
        $player = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."' AND active IS NULL");
        $player = mysql_fetch_assoc($player);
        mysql_real_escape_string($username);
        mysql_real_escape_string($password);

        if($player['id'] == false)
            die("Sorry, that user is not in our database or your account isn't activated.<br><br> <a href=index.php>Back</a>");
        else if($player['password'] != md5($_POST['pass']))
            die("Wrong password!<br><br> <a href=index.php>Back</a>");

        $_SESSION['id'] = $player['id'];
        $_SESSION['username'] = $player['username'];
        $_SESSION['password'] = $player['password'];
        $_SESSION['callname'] = $player['callname'];
        $_SESSION['email'] = $player['email'];

        $date = date("m/d/y");
        $update = @mysql_query("UPDATE users SET lastlogin = '$date' WHERE id = '".$_SESSION['id']."'");

        echo '<META HTTP-EQUIV="Refresh" Content="0; URL=news.php">';
    }
    else
    {
        echo '<form action=index.php method=post><div style="padding-top:5px;" id=box><table>
<tr align=center> <td width=200px> <i><b>Sign in</b></i></td></tr>
<tr><td valign=middle>
<table><tr><td><input type=text name=username placeholder=Username size=25></td></tr></table>
</td></tr>
<tr> <td valign=middle>
<table><tr><td><input type=password placeholder=Password name=pass size=25></td></tr></table>
</td> </tr>
<tr><td align=right width=200px><input type=submit name=submit value=Login class=button><br /><br /><a href=#>Register!</a> or <a href=forgotpass.php>Forgot password?</a>
</form><br /><br /></td><tr><td align=left><iframe src="chat.php" width="100%" height="410px" align="left" frameborder="0" style="overflow:visible;"></iframe></tr></td></div>
</tr></table></div></center>';
    }
}
else
{
    $player_q = mysql_query("SELECT `callname` FROM `users` WHERE id = '".$_SESSION['id']."'");
    $player_r = mysql_fetch_assoc($player_q);
    $player = $player_r['callname'];
    echo '<div style="padding-top:5px;" id=box><table align="left">
<i><b>Welcome Back!</b></i><br />Hey again, '.$player.'! <br /><br /><b>Gold:</b> 0<br /><b>Inbox Status:</b> <a href=inbox.php>Old</a><br />
<b>Recent Posts:</b> Old<br /><br /><center>2 users online<br /><br /></center><iframe src="chat.php" width="100%" height="410px" align="left" frameborder="0" allowtransparency="true"></iframe><br /><a href=logout.php>Logout?</a><br /><br /></center>';
    echo '</div> </table>';
}
?>
```
papillonstudios Posted May 26, 2012

This may help

```php
<?php
if (isset($_COOKIE['username'])) {
    header("Location: index.php");
    exit; // header() only sends a header; stop the script here
}
// isset() returns a boolean, so the value has to be compared separately
if (isset($_GET['status']) && $_GET['status'] == 'not') {
    echo 'You are not Logged In';
}
if (!isset($_POST['login'])) {
?>
<div id="formContainer">
    <h2>Login</h2>
    <form action="?action=login" method="post">
        <table>
            <tr>
                <td>Username </td><td><input type="text" name="username" /></td>
            </tr>
            <tr>
                <td>Password </td><td><input type="password" name="password" /></td>
            </tr>
            <tr>
                <td> </td>
                <td><input type="submit" name="login" value="Login" /></td>
            </tr>
        </table>
    </form>
</div>
<?php
} else {
    //Declare Variables
    $username = secure($_POST['username']);
    $password = secure($_POST['password']);

    if (!$username || !$password) {
        echo 'Please completely fill out the form';
    } else {
        $query = mysql_query("SELECT * FROM `users` WHERE username='$username'");
        if (($query = mysql_num_rows($query)) == 0) {
            echo 'The username and password did not match.';
        } else {
            $result = mysql_query("SELECT active FROM `users` WHERE username='$username'");
            while ($row = mysql_fetch_assoc($result)) {
                if ($row['active'] == 0) {
                    $active = false;
                } else if ($row['active'] == 1 || $row['active'] == 2) {
                    $active = true;
                }
            }
            if ($active == true) {
                //Encrypt the Password
                $encpass = sha1($password . SALT);
                //Find the user
                $superquery = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$encpass'");
                if (mysql_num_rows($superquery) == 1) {
                    //If the user is found, set the cookies
                    setcookie("username", $username, $cookieTime);
                    setcookie("password", $encpass, $cookieTime);
                    //send the user to the home page
                    header("Location: index.php");
                    exit; // stop the script once the redirect has been sent
                } else {
                    echo 'Password was incorrect. Please try again.';
                }
            } else {
                echo 'Your account is not activated! Check Your inbox and your spam box!';
            }
        }
    }
}
?>
```
dyr Posted May 26, 2012

If possible I'd like to keep it to just using sessions, but thank you!
PFMaBiSmAd Posted May 26, 2012

The code you posted cannot do what you state. Your actual code must have some password change logic or password reset logic in it that is causing the symptom.
dyr Posted May 26, 2012

Gotcha, here's a portion of the edit profile code in which they could change the password:

```php
if(isset($_POST['btnedit'])){
    $callname = $_POST['callname'];
    $email = $_POST['email'];
    $password = md5(mysql_escape_string($_POST['password']));
    $sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" );
    if($sql){
        echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>";
    }else{
        echo "<script>alert('updating profile failed!');</script>";
    }
}
$sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" );
$row = mysql_fetch_array($sql);
$user = $userfinal;
echo "<td align=center>
<div style='10px' id=box>
<table width='100%'>
<tr>
<td><h2>Edit profile</h2>
<form method='post'>
<table><tr><th>ID#:</th><td>".$user."</td></tr>
<tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr>
<tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr>
<tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr>
<tr><th>Registered:</th><td>".$row['registered']."</td></tr>
<tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr>
</table><br />
<input type='submit' name='btnedit' value='update' class=button />
</form></div></td>
</tr>
</table>
</td></tr>
</table>";
```

and here's a portion of the forgot password code (in which it generates a new password for the user):

```php
if (isset($_POST['submit'])) {

    if ($_POST['forgotpassword']=='') {
        error('Please Fill in Email.');
    }
    if(get_magic_quotes_gpc()) {
        $forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
    } else {
        $forgotpassword = htmlspecialchars($_POST['forgotpassword']);
    }
    //Make sure it's a valid email address, last thing we want is some sort of exploit!
    if (!check_email_address($_POST['forgotpassword'])) {
        error('Email Not Valid - Must be in format of [email protected]');
    }
    // Lets see if the email exists
    $sql = "SELECT COUNT(*) FROM users WHERE email = '$forgotpassword'";
    $result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
    if (!mysql_result($result,0,0)>0) {
        error('Email Not Found!');
    }

    //Generate a RANDOM MD5 Hash for a password
    $random_password=md5(uniqid(rand()));

    //Take the first 8 digits and use them as the password we intend to email the user
    $emailpassword=substr($random_password, 0, 8);

    //Encrypt $emailpassword in MD5 format for the database
    $newpassword = md5($emailpassword);

    // Make a safe query
    $query = sprintf("UPDATE `users` SET `password` = '%s' WHERE `email` = '$forgotpassword'", mysql_real_escape_string($newpassword));
    mysql_query($query)or die('Could not update members: ' . mysql_error());

    //Email out the information
    $subject = "Your New Password";
    $message = "You have forgotten your password. Your new password is as follows:
----------------------------
Password: $emailpassword
----------------------------
Upon logging in, you can click on the Home button and change your password. Please note all information is encrypted in our database!

This email was automatically generated, please do not respond.";

    if(!mail($forgotpassword, $subject, $message, "FROM: $site_name <$site_email>")){
        die ("Sending Email Failed, Please Contact Site Admin! ($site_email)");
    }else{
        error('Success! A new password has been sent to your email!');
    }
} else {
?>
<form name="forgotpasswordform" action="" method="post">
<table border="0" cellspacing="0" cellpadding="3" width="20%">
<caption> <div>Password Reset Page</div> </caption>
<tr> <td>Email Address: <input name="forgotpassword" type="text" placeholder="email" id="forgotpassword" /></td> </tr>
<tr> <td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td> </tr>
</table>
```
PFMaBiSmAd Posted May 26, 2012

It's not directly possible to help when you post code snippets out of context, since that doesn't show the relationship between all the pieces of code, but since your forgotten password code is also testing $_POST['submit'], that's likely where the problem lies. Make sure that each separate part of your form processing code only runs when it is supposed to.
dyr Posted May 26, 2012

Okay, I believe I was having this problem before I included the forgot pass function, so here's the full edit profile code:

```php
<?php
include('config.php');
include('header.php');

if($_SESSION['id']=="") {
    header("Location: YouMustLogInNotice.html");
}

if(isset($_POST['btnedit'])){
    $callname = $_POST['callname'];
    $email = $_POST['email'];
    $password = md5(mysql_escape_string($_POST['password']));
    $sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" );
    if($sql){
        echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>";
    }else{
        echo "<script>alert('updating profile failed!');</script>";
    }
}
$sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" );
$row = mysql_fetch_array($sql);
$user = $userfinal;
echo "<td align=center>
<div style='10px' id=box>
<table width='100%'>
<tr>
<td><h2>Edit profile</h2>
<form method='post'>
<table><tr><th>ID#:</th><td>".$user."</td></tr>
<tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr>
<tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr>
<tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr>
<tr><th>Registered:</th><td>".$row['registered']."</td></tr>
<tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr>
</table><br />
<input type='submit' name='btnedit' value='update' class=button />
</form></div></td>
</tr>
</table>
</td></tr>
</table>";
?>
<?php
include('footer.php');
?>
```
PFMaBiSmAd Posted May 26, 2012

You need an exit; statement after your header() redirect to prevent the rest of the code on your page from running while the browser requests the new target page. If you have other code that is missing the exit; statement after a header() redirect, that could cause the problem you are seeing. All the code on the page runs, when you think the header() statement is preventing it. A header() statement ONLY sends a header to the browser. It has no effect on the PHP code on the server.
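The behaviour described in the reply above, as an added example that is not part of the original thread or any poster's code: it models one request to the edit-profile script and shows that the form handler below the login guard still runs when the redirect is not followed by exit. The names `page()` and `require_login()` and the sample request are hypothetical; inside `page()` a `return` stands in for `exit;` so the comparison can be run from the command line.

```php
<?php
// Added illustration. page() models one request to the edit-profile script;
// `return` inside it stands in for `exit;` in a real page.
function page(array $session, array $post, bool $stopAfterRedirect): array
{
    $out = ['headers' => [], 'writes' => []];

    // Guard from the thread: send visitors who are not logged in elsewhere.
    if (empty($session['id'])) {
        $out['headers'][] = 'Location: YouMustLogInNotice.html';
        if ($stopAfterRedirect) {
            return $out;                 // real page: exit;
        }
        // No exit: only a response header was queued, execution continues.
    }

    // Form handler further down the same script.
    if (isset($post['btnedit'])) {
        // Record the write instead of touching a database.
        $out['writes'][] = ['op' => 'UPDATE users', 'id' => $session['id'] ?? ''];
    }
    return $out;
}

// The same guard as it would appear in a real page (hypothetical helper name).
function require_login(): void
{
    if (empty($_SESSION['id'])) {
        header('Location: YouMustLogInNotice.html');
        exit;   // nothing after the redirect may run
    }
}

// Constructed request: no session, but the update form was submitted.
$post = ['btnedit' => 'update', 'password' => 'anything'];

foreach (['without exit' => false, 'with exit' => true] as $label => $stop) {
    $r = page([], $post, $stop);
    printf("%-12s headers=%d writes=%d\n", $label, count($r['headers']), count($r['writes']));
}
```

Whether such a write changes a row depends on the query; what the comparison shows is that the handler executed for a request the guard was meant to stop.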
dyr Posted May 27, 2012

that did the trick, thanks.