If Password Entered Wrong, Real Password Changes


dyr


Hi all, I've stumbled over a bug which I'm not sure how to fix. For some reason my login code is messed up. If I enter the username and password correctly, nothing happens and I log in. Yet if I enter a wrong password, it tells me my password is wrong (like it should) but changes the database password to something random, so neither what I just typed nor the actual password is correct... any help with this?

 

here's the basic login code, without anything sanitized and whatnot:

<?php

if($loggedin == '0')
{
if(isset($_POST['submit']))
{

// Make sure all forms were filled out.

if((!isset($_POST['username'])) || 
(!isset($_POST['pass'])) 
|| ($_POST['username'] == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely. <br><br>
<a href=index.php>Continue</a>");

// Escape the username BEFORE it goes into the query. mysql_real_escape_string()
// returns the escaped copy; calling it and discarding the result does nothing.
$username = mysql_real_escape_string($_POST['username']);

// Get user's record from database (the password is only compared below, never queried)
$player = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND active IS NULL");
$player = mysql_fetch_assoc($player);

// mysql_fetch_assoc() returns false when no row matched; test that, not $player['id']
if($player === false)
die("Sorry, that user is not in our database or your account isn't activated.<br><br>
<a href=index.php>Back</a>");
else if($player['password'] != md5($_POST['pass']))
die("Wrong password!<br><br>
<a href=index.php>Back</a>");

$_SESSION['id'] = $player['id'];
$_SESSION['username'] = $player['username'];
$_SESSION['password'] = $player['password'];
$_SESSION['callname'] = $player['callname'];
$_SESSION['email'] = $player['email'];

$date = date("m/d/y");

$update = @mysql_query("UPDATE users SET lastlogin = '$date' WHERE id = '".$_SESSION['id']."'");

echo '<META HTTP-EQUIV="Refresh" Content="0; URL=news.php">';

}
else
{
echo '<form action=index.php method=post><div style="padding-top:5px;" id=box><table>

<tr align=center>
<td width=200px>
<i><b>Sign in</b></i></td></tr>
<tr><td valign=middle>
	<table><tr><td><input type=text name=username placeholder=Username size=25></td></tr></table>
</td></tr>
<tr>
<td valign=middle>
	<table><tr><td><input type=password placeholder=Password name=pass size=25></td></tr></table>
</td>
</tr>
<tr><td align=right width=200px><input type=submit name=submit value=Login class=button><br /><br /><a href=#>Register!</a> or <a href=forgotpass.php>Forgot password?</a>
<br /><br /></td></tr><tr><td align=left><iframe src="chat.php" width="100%" height="410px" align="left" frameborder="0" style="overflow:visible;"></iframe></td></tr>
</table></div></form>';

}
}

else
{
$player_q = mysql_query("SELECT `callname` FROM `users` WHERE id = '".$_SESSION['id']."'");
	$player_r = mysql_fetch_assoc($player_q);
	$player = $player_r['callname'];

// callname is user-supplied (set on the edit profile page), so escape it on output
echo '<div style="padding-top:5px;" id=box><table align="left"><tr><td>
<i><b>Welcome Back!</b></i><br />Hey again, '.htmlspecialchars($player).'! <br /><br /><b>Gold:</b> 0<br /><b>Inbox Status:</b> <a href=inbox.php>Old</a><br />
<b>Recent Posts:</b> Old<br /><br /><center>2  users online<br /><br /></center><iframe src="chat.php" width="100%" height="410px" align="left" frameborder="0" allowtransparency="true"></iframe><br /><a href=logout.php>Logout?</a><br /><br />';

echo '</td></tr></table>
</div>';

}

?>


This may help

 

<?php
// Assumes helpers defined elsewhere: secure() (input cleaning), the SALT
// constant, and $cookieTime (cookie expiry timestamp).
if (isset($_COOKIE['username'])) {
    header("Location: index.php");
    exit; // stop here; header() alone does not halt the script
}

// isset() returns a bool, so "isset(...) == 'not'" was always true; test the value itself
if (isset($_GET['status']) && $_GET['status'] == 'not') {
    echo 'You are not Logged In';
}

if (!isset($_POST['login']))
{
?>
<div id="formContainer">
    <h2>Login</h2>
    <form action="?action=login" method="post">
    	<table>
    		<tr>
    			<td>Username </td><td><input type="text" name="username" /></td>
    		</tr>
    		<tr>
    			<td>Password </td><td><input type="password" name="password" /></td>
    		</tr>
    		<tr>
    			<td> </td>
    			<td><input type="submit" name="login" value="Login" /></td>
    		</tr>
    	</table>
    </form>
</div>
<?php
}
else
{
    //Declare Variables
    $username = secure($_POST['username']);
    $password = secure($_POST['password']);

    if (!$username || !$password)
    {
        echo 'Please completely fill out the form';
    }
    else
    {
        $query = mysql_query("SELECT * FROM `users` WHERE username='$username'");

        if (mysql_num_rows($query) == 0) {
            echo 'The username and password did not match.';
        } else {

            $result = mysql_query("SELECT active FROM `users` WHERE username='$username'");

            $active = false; // default, so the variable exists even if no row comes back
            while ($row = mysql_fetch_assoc($result))
            {
                if ($row['active'] == 0)
                {
                    $active = false;
                }
                else if ($row['active'] == 1 || $row['active'] == 2) {
                    $active = true;
                }
            }

            if ($active == true) {

                //Hash the Password (sha1 is a hash, not encryption)
                $encpass = sha1($password . SALT);

                //Find the user
                $superquery = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$encpass'");

                if (mysql_num_rows($superquery) == 1) {

                    //If the user is found, set the cookies.
                    //Note: from here on these two cookies ARE the credential; anyone who can
                    //read them logs in without the password. A server-side session holding
                    //only the user id avoids that.
                    setcookie("username", $username, $cookieTime);
                    setcookie("password", $encpass, $cookieTime);

                    //send the user to the home page
                    header("Location: index.php");
                    exit;

                }
                else
                {
                    echo 'Password was incorrect. Please try again.';
                }
            }
            else
            {
                echo 'Your account is not activated! Check Your inbox and your spam box!';
            }
        }
    }
}
?>

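The login flow both snippets above sketch, done with current PHP primitives, as an added example that is not code from either poster: a prepared statement instead of string-built SQL, password_hash()/password_verify() instead of md5() or sha1() with a fixed salt, a server-side session holding only the user id instead of a username/hash cookie pair, one generic failure message for every failure, and an exit after the redirect. The $pdo handle and its DSN, the password_hash column name, and the hidden action field are assumptions, not things from the thread (PHP 7+).

```php
<?php
// Added example (not from the thread). Assumed: a PDO handle $pdo, and a users
// table with columns id, username, password_hash, active (1 = activated), lastlogin.
declare(strict_types=1);

session_start();

// Hypothetical DSN/credentials; replace with your own.
$pdo = new PDO('mysql:host=localhost;dbname=game;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// Returns the user row on success, null on any failure (unknown user, inactive,
// wrong password). One outcome, so the error message cannot leak which check failed.
function login_user(PDO $pdo, string $username, string $password): ?array
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash, active FROM users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);          // bound value, never spliced into SQL
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is missing, so a bad username costs
    // roughly the same time as a bad password.
    $storedHash = $user !== false ? $user['password_hash'] : $dummyHash;
    $ok = password_verify($password, $storedHash);
    if ($user === false || !$ok || (int)$user['active'] !== 1) {
        return null;
    }

    // Upgrade the stored hash in place if PASSWORD_DEFAULT's cost has been raised since.
    if (password_needs_rehash($user['password_hash'], PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id')
            ->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $user['id']]);
    }
    return $user;
}

function redirect(string $url): void
{
    header('Location: ' . $url, true, 303);
    exit; // header() only queues a response header; the script keeps running without this
}

$error = null;
// The form carries <input type="hidden" name="action" value="login">, so a POST from
// another form on the same page (password reset, profile edit) is ignored here.
if (($_POST['action'] ?? '') === 'login') {
    $username = trim((string)($_POST['username'] ?? ''));
    $password = (string)($_POST['pass'] ?? '');

    if ($username === '' || $password === '') {
        $error = 'Please fill out the form completely.';
    } elseif (($user = login_user($pdo, $username, $password)) === null) {
        $error = 'Invalid username or password.';   // same text for every failure
    } else {
        session_regenerate_id(true);                // fresh session id after authentication
        $_SESSION['id'] = (int)$user['id'];         // the id is all the session needs; never the hash
        $_SESSION['username'] = $user['username'];
        $pdo->prepare('UPDATE users SET lastlogin = NOW() WHERE id = :id')
            ->execute([':id' => $user['id']]);
        redirect('news.php');
    }
}

if ($error !== null) {
    echo '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
}
```

The only change the existing form needs is the hidden action field next to the username and pass inputs; the submit button can keep name=submit. Existing md5 rows cannot be verified by password_verify(), so a migration would need to rehash each user's password at their next successful md5 login and then drop the md5 path.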

Gotcha, here's a portion of the edit profile code in which they could change the password:

if(isset($_POST['btnedit'])){
// callname and email are spliced into the UPDATE below, so escape them too
$callname = mysql_real_escape_string($_POST['callname']);
$email = mysql_real_escape_string($_POST['email']);
$password = md5(mysql_escape_string($_POST['password']));

// Note: every save rewrites `password` from whatever the password field held.
// The form below pre-fills that field with the stored hash, so saving without
// retyping the password stores md5(old hash), and saving it blank stores md5('').
$sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" );

if($sql){
echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>";
}else{
echo "<script>alert('updating profile failed!');</script>";
}

}

$sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); 
$row = mysql_fetch_array($sql);

$user = $userfinal; // $userfinal is set elsewhere (not shown in this portion)

echo "<td align=center>

<div style='10px' id=box>
<table width='100%'>
<tr>
<td><h2>Edit profile</h2>
<form method='post'>
<table><tr><th>ID#:</th><td>".$user."</td></tr>
<tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr>
<tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr>
<tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr>
<tr><th>Registered:</th><td>".$row['registered']."</td></tr>
<tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr>
</table><br />
<input type='submit' name='btnedit' value='update' class=button />
</form></div></td>
</tr>
</table>
</td></tr>
</table>";

 

and here's a portion of the forgot password code (in which it generates a new password for the user):

// Assumes error(), check_email_address(), $site_name and $site_email are defined
// elsewhere (e.g. in config.php). error() must exit(); if it only prints, every
// check below falls through and the UPDATE still runs.
if (isset($_POST['submit'])) {

if ($_POST['forgotpassword']=='') {
	error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
	$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
} 
else {
	$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
//Make sure it's a valid email address, last thing we want is some sort of exploit!
if (!check_email_address($_POST['forgotpassword'])) {
  		error('Email Not Valid - Must be in format of name@domain.tld');
}
    // Lets see if the email exists (escaped for SQL; htmlspecialchars is for HTML, not queries)
    $sql = "SELECT COUNT(*) FROM users WHERE email = '" . mysql_real_escape_string($forgotpassword) . "'";
    $result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
    // The original "!$count>0" parses as "(!$count) > 0", which happens to be true only
    // when the count is 0; written plainly:
    if (mysql_result($result,0,0) <= 0) {
        error('Email Not Found!');
    }

//Generate a RANDOM MD5 Hash for a password
//(uniqid()/rand() are not cryptographically strong; random_bytes() is, on PHP 7+)
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, 8);

//Hash $emailpassword with MD5 for the database
$newpassword = md5($emailpassword);

        // Make a safe query (escape BOTH values; the email is user input too)
       	$query = sprintf("UPDATE `users` SET `password` = '%s' 
					  WHERE `email` = '%s'",
                    mysql_real_escape_string($newpassword),
                    mysql_real_escape_string($forgotpassword));

				mysql_query($query)or die('Could not update members: ' . mysql_error());

//Email out the information
$subject = "Your New Password"; 
$message = "You have forgotten your password.  Your new password is as follows:
---------------------------- 
Password: $emailpassword
---------------------------- 
Upon logging in, you can click on the Home button and change your password.  Please note all information is encrypted in our database!

This email was automatically generated, please do not respond."; 
                       
          if(!mail($forgotpassword, $subject, $message,  "FROM: $site_name <$site_email>")){ 
             die ("Sending Email Failed, Please Contact Site Admin! ($site_email)"); 
          }else{ 
                error('Success!  A new password has been sent to your email!');
         } 

}

else {
?>
      <form name="forgotpasswordform" action="" method="post">
        <table border="0" cellspacing="0" cellpadding="3" width="20%">
          <caption>
          <div>Password Reset Page</div>
          </caption>
          <tr>
            <td>Email Address:
           <input name="forgotpassword" type="text" placeholder="email" id="forgotpassword" /></td>
          </tr>
          <tr>
            <td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td>
          </tr>
        </table>
      </form>
<?php
}
?>

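A token-based reset as an added example, not the thread's code: instead of emailing a new 8-character password and storing its md5, it emails a single-use link whose secret is stored only as a hash with an expiry, answers the same way whether or not the address is registered (so the form cannot enumerate accounts), and invalidates every outstanding token for the user once one is used. The $pdo handle and DSN, the password_resets table, reset.php, the action field names and the sender address are all assumptions (PHP 7+).

```php
<?php
// Added example (not from the thread). Assumed: a PDO handle $pdo, a users table
// with id, email, password_hash, and a password_resets table with user_id,
// token_hash, expires_at. reset.php and the sender address are invented.
declare(strict_types=1);

const RESET_TTL_SECONDS = 3600;

// Hypothetical DSN/credentials; replace with your own.
$pdo = new PDO('mysql:host=localhost;dbname=game;charset=utf8mb4', 'app', 'secret',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

// Step 1: the user submits an email address. The reply is identical whether or
// not the address is registered.
function start_password_reset(PDO $pdo, string $email, string $baseUrl): string
{
    $reply = 'If that address is registered, a reset link has been sent to it.';
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return $reply;
    }
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = :e');
    $stmt->execute([':e' => $email]);
    $userId = $stmt->fetchColumn();                 // false when no row matches
    if ($userId === false) {
        return $reply;
    }

    $token = bin2hex(random_bytes(32));             // 256-bit single-use secret from a CSPRNG
    $pdo->prepare('INSERT INTO password_resets (user_id, token_hash, expires_at)
                   VALUES (:uid, :th, :exp)')
        ->execute([
            ':uid' => (int)$userId,
            ':th'  => hash('sha256', $token),       // only the hash is stored
            ':exp' => date('Y-m-d H:i:s', time() + RESET_TTL_SECONDS), // PHP clock; DB must agree
        ]);

    $link = $baseUrl . '/reset.php?token=' . $token;
    $body = "Someone asked to reset the password for this address.\n"
          . "If that was you, open this link within one hour:\n" . $link . "\n"
          . "If it wasn't, ignore this message; your password has not changed.\n";
    mail($email, 'Password reset', $body, "From: noreply@example.invalid\r\n");
    return $reply;
}

// Step 2: the user follows the link and posts the token with a new password.
function finish_password_reset(PDO $pdo, string $token, string $newPassword): bool
{
    if (strlen($token) !== 64 || !ctype_xdigit($token) || strlen($newPassword) < 12) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT user_id FROM password_resets
                           WHERE token_hash = :th AND expires_at > NOW() LIMIT 1');
    $stmt->execute([':th' => hash('sha256', $token)]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return false;                                // unknown, already used, or expired
    }

    $pdo->beginTransaction();
    try {
        $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id')
            ->execute([':h' => password_hash($newPassword, PASSWORD_DEFAULT), ':id' => (int)$userId]);
        // Burn every outstanding token for this user, not just the one presented.
        $pdo->prepare('DELETE FROM password_resets WHERE user_id = :id')
            ->execute([':id' => (int)$userId]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return true;
}

// Both steps dispatch on a hidden action field rather than on $_POST['submit'].
switch ($_POST['action'] ?? '') {
    case 'forgot_password':
        $msg = start_password_reset($pdo, (string)($_POST['forgotpassword'] ?? ''), 'https://example.invalid');
        echo '<p>' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</p>';
        break;
    case 'reset_password':
        $ok = finish_password_reset($pdo, (string)($_POST['token'] ?? ''), (string)($_POST['new_password'] ?? ''));
        echo $ok ? '<p>Password changed; please log in.</p>' : '<p>That reset link is invalid or has expired.</p>';
        break;
}
```

reset.php would read the token from the query string, put it into a hidden field next to the new-password input, and post back with action=reset_password; the token never needs to be shown to the user. mail() only delivers if the host has a working MTA, and expires_at is compared against the database's NOW(), so the PHP and MySQL clocks must be in the same time zone.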

It's not directly possible to help when you post code snippets out of context, since that doesn't show the relationship between all the pieces of code, but since your forgotten password code is also testing $_POST['submit'], that's likely where the problem lies.

 

Make sure that each separate part of your form processing code only runs when it is supposed to.


Okay, I believe I was having this problem before I included the forgot pass function, so here's the full edit profile code:

<?php

include('config.php');
include('header.php');
// No exit after the redirect: for a request with no session id, everything below
// (including the UPDATE) still runs while the browser is being sent elsewhere.
if($_SESSION['id']=="") {
     header("Location: YouMustLogInNotice.html");
    }


if(isset($_POST['btnedit'])){
// callname and email are spliced into the UPDATE below, so escape them too
$callname = mysql_real_escape_string($_POST['callname']);
$email = mysql_real_escape_string($_POST['email']);
$password = md5(mysql_escape_string($_POST['password']));

// Note: every save rewrites `password` from whatever the password field held.
// The form below pre-fills that field with the stored hash, so saving without
// retyping the password stores md5(old hash), and saving it blank stores md5('').
$sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" );

if($sql){
echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>";
}else{
echo "<script>alert('updating profile failed!');</script>";
}

}


$sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); 
$row = mysql_fetch_array($sql);


$user = $userfinal; // $userfinal is expected to come from config.php or header.php

echo "<td align=center>

<div style='10px' id=box>
<table width='100%'>
<tr>
<td><h2>Edit profile</h2>
<form method='post'>
<table><tr><th>ID#:</th><td>".$user."</td></tr>
<tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr>
<tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr>
<tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr>
<tr><th>Registered:</th><td>".$row['registered']."</td></tr>
<tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr>
</table><br />
<input type='submit' name='btnedit' value='update' class=button />
</form></div></td>
</tr>
</table>
</td></tr>
</table>";

include('footer.php');

?>


You need an exit; statement after your header() redirect to prevent the rest of the code on your page from running while the browser requests the new target page.

 

If you have other code that is missing the exit; statement after a header() redirect, that could cause the problem you are seeing. All the code on the page runs when you think the header() statement is preventing it. A header() statement ONLY sends a header to the browser. It has no effect on the php code on the server.

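The two points the last replies make (a header() redirect does not stop the script, and each form handler must only run for its own form), applied to the edit profile page, as an added example that is not the poster's code: redirect() exits, require_login() therefore never returns for an anonymous request, handlers dispatch on a hidden action field so every button on the site can keep name=submit, and the password is changed only when a new one was typed and the current one verifies. The form never echoes the stored hash. The $pdo handle and DSN, the password_hash column and the field names are assumptions (PHP 7.4+).

```php
<?php
// Added example (not from the thread). Assumed: a PDO handle $pdo and a users
// table with columns id, callname, email, password_hash.
declare(strict_types=1);

session_start();

// Hypothetical DSN/credentials; replace with your own.
$pdo = new PDO('mysql:host=localhost;dbname=game;charset=utf8mb4', 'app', 'secret',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

function redirect(string $url): void
{
    header('Location: ' . $url, true, 303);
    exit; // without exit, every line after the redirect still runs for this request
}

// Gate for pages that need a logged-in user. Because redirect() exits, code after
// this call never executes with an empty session id.
function require_login(): int
{
    if (empty($_SESSION['id'])) {
        redirect('YouMustLogInNotice.html');
    }
    return (int)$_SESSION['id'];
}

// Saves name and email; changes the password only if a new one was typed, and only
// after the current password verifies. Returns a message for the page.
function edit_profile(PDO $pdo, int $userId, array $post): string
{
    $callname = trim((string)($post['callname'] ?? ''));
    $email    = trim((string)($post['email'] ?? ''));
    $current  = (string)($post['current_password'] ?? '');
    $new      = (string)($post['new_password'] ?? '');

    if ($callname === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'A name and a valid email address are required.';
    }

    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($current, (string)$hash)) {
        return 'Current password is wrong; nothing was changed.';
    }

    $sql    = 'UPDATE users SET callname = :c, email = :e';
    $params = [':c' => $callname, ':e' => $email, ':id' => $userId];
    if ($new !== '') {                                   // empty field means "keep it"
        if (strlen($new) < 12) {
            return 'The new password must be at least 12 characters.';
        }
        $sql .= ', password_hash = :h';
        $params[':h'] = password_hash($new, PASSWORD_DEFAULT);
    }
    $pdo->prepare($sql . ' WHERE id = :id')->execute($params);
    return 'Profile updated.';
}

$userId  = require_login();
$message = null;

// Dispatch on the hidden action field, not on the submit button's name.
if (($_POST['action'] ?? '') === 'edit_profile') {
    $message = edit_profile($pdo, $userId, $_POST);
}

$stmt = $pdo->prepare('SELECT callname, email FROM users WHERE id = :id');
$stmt->execute([':id' => $userId]);
$row = $stmt->fetch(PDO::FETCH_ASSOC) ?: ['callname' => '', 'email' => ''];
$h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');

if ($message !== null) {
    echo '<p>' . $h($message) . '</p>';
}
// Both password inputs start empty: the stored hash is never sent to the browser.
echo '<form method="post">
<input type="hidden" name="action" value="edit_profile">
Name: <input type="text" name="callname" value="' . $h($row['callname']) . '"><br>
Email: <input type="text" name="email" value="' . $h($row['email']) . '"><br>
Current password: <input type="password" name="current_password"><br>
New password (leave blank to keep): <input type="password" name="new_password"><br>
<input type="submit" name="submit" value="update">
</form>';
```

With the login and forgot-password forms carrying action=login and action=forgot_password respectively, a POST from any one of them reaches exactly one handler, which is the guarantee the reply above asks for.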
