Problem login sha1

bugzy · August 17, 2012

I'm having problem with my login.

Here's my code

Register.php

if(isset($_POST['submit']))
{



$email = me_mysql_prep(trim($_POST['email']));
$fname = me_mysql_prep(trim($_POST['fname']));
$lname = me_mysql_prep(trim($_POST['lname']));

        $password = me_mysql_prep($_POST['password']);
$hashed_password = sha1($password);

       $query = "INSERT into user (email, last_name, first_name,  password) VALUES ('{$email}','{$fname}', '{$lname}',{$hashed_password}')";
       $result = mysql_query($query,$connection);

}

login.php

if(isset($_POST['submit']))
{



$email = me_mysql_prep(trim($_POST['email']));
$password = me_mysql_prep(trim($_POST['password']));
$hashed_password = sha1($password);
        

$query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
		$result = mysql_query($query,$connection) or die (mysql_error());
		$num_user = mysql_num_rows($result);



		if($num_user == 1)
		{
			$check_status = mysql_result($result,0,'status');

			if($check_status == 3)
			{
				echo "<span class=\"error_validation\">You account is banned!</span>";
			}
			else
			{		
				me_redirect_to('index.php');
			}
		}
		else
		{
			echo "<span class=\"error_validation\">E-mail/Password combination is incorrect.<br>Pls. make sure that your CAPS LOCK is off and try again.</span>";
		}



}

me_mysql_prep is a function for mysql_real_escape_string

Problem is it seemed like I'm not getting a row back even if I'm typing the right e-mail address and password and it keep saying that my e-mail and password combination is incorrect?

Anyone? :shrug:

MMDE · August 17, 2012

$query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
echo 'This is the MySQL query: '.$query;
$result = mysql_query($query,$connection) or die (mysql_error());
$num_user = mysql_num_rows($result);
$num_user = mysql_num_rows($result);
echo 'Amount of rows: '.$num_user;

Please tell us what shows up now.

Also turn on error reporting at the beginning of the script, if it isn't already on.

error_reporting(-1);

Jet4Fire · August 17, 2012

First thing. Why you in register.php remove spaces at beginning and end of password, but at login.php not remove spaces, maybe you have spaces from beginning or and of password?

bugzy · August 17, 2012

$query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
echo 'This is the MySQL query: '.$query;
$result = mysql_query($query,$connection) or die (mysql_error());
$num_user = mysql_num_rows($result);
$num_user = mysql_num_rows($result);
echo 'Amount of rows: '.$num_user;

Please tell us what shows up now.

Also turn on error reporting at the beginning of the script, if it isn't already on.

error_reporting(-1);

MMDE I got this

This is the MySQL query: Select member_id from user where email = 'hey@yahoo.com' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' LIMIT 1

Amount of rows: 0

E-mail/Password combination is incorrect.

Pls. make sure that your CAPS LOCK is off and try again.

:shrug:

bugzy · August 17, 2012

First thing. Why you in register.php remove spaces at beginning and end of password, but at login.php not remove spaces, maybe you have spaces from beginning or and of password?

I have tried removing the trim from both register and login, register another member and it's the same thing. I still can't get any row

MMDE · August 17, 2012

$query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
echo 'This is the MySQL query: '.$query;
$result = mysql_query($query,$connection) or die (mysql_error());
$num_user = mysql_num_rows($result);
$num_user = mysql_num_rows($result);
echo 'Amount of rows: '.$num_user;
Please tell us what shows up now.

Also turn on error reporting at the beginning of the script, if it isn't already on.
error_reporting(-1);
MMDE I got this

This is the MySQL query: Select member_id from user where email = 'hey@yahoo.com' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' LIMIT 1

Amount of rows: 0

E-mail/Password combination is incorrect.

Pls. make sure that your CAPS LOCK is off and try again.

I think the next logical thing to do is to check if there's a user with such data in your database?

email = 'hey@yahoo.com' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221'

If this isn't the case, make sure you do the same with the input from user as you did when you registered them. You may want to echo their values ($_POST) sent in both cases. Also echo password before and after you hash it, to see that they are all as you expect.

Why would you need to limit it to 1? =o

bugzy · August 17, 2012

I finally figured out the problem.

Problem is in my database, I set password column length to only 20 where by sha1 is giving me values with more than 20 characters. So everytime I'm registering, sha1 is been cut into 20 characters only and will not match the sha1 on the login form.

MMDE thanks for helping out! about that LIMIT I have been used on putting it even though it isn't necessary there

Thanks again!

MMDE · August 17, 2012

I finally figured out the problem.

Problem is in my database, I set password column length to only 20 where by sha1 is giving me values with more than 20 characters. So everytime I'm registering, sha1 is been cut into 20 characters only and will not match the sha1 on the login form.

MMDE thanks for helping out! about that LIMIT I have been used on putting it even though it isn't necessary there

Thanks again!

Ah, so it wasn't the same in the database.

Good to hear the problem is fixed, and it's always good to check that the data that is being passed around and is making wrong decision in your code is what you think it is.

xyph · August 17, 2012

You don't want to use SHA1 alone. 10258272

bugzy · August 17, 2012

You don't want to use SHA1 alone. 10258272

how did it happen xyph? how did you do that?

So what the other step that I need and must do after that sha1?

xyph · August 17, 2012

Try googling '6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' I'm not a wizard, sorry

Check out the article in my signature. It tells you just about everything to do when handling passwords with PHP, and provides a great, light class that implements bcrypt. bcrypt was designed for password hashing in mind - it's slow. SHA1 was design for extremely fast checksums of potentially large files, not passwords

bugzy · August 17, 2012

I will definitely read that.

Thanks!

Sign In

Problem login sha1

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information