Problem login sha1


bugzy

I'm having a problem with my login.

 

Here's my code

 

Register.php

 

if(isset($_POST['submit']))
{
    // Escape the form values before they are interpolated into the query
    $email = me_mysql_prep(trim($_POST['email']));
    $fname = me_mysql_prep(trim($_POST['fname']));
    $lname = me_mysql_prep(trim($_POST['lname']));

    // The password is not trimmed here
    $password = me_mysql_prep($_POST['password']);
    $hashed_password = sha1($password); // 40 hexadecimal characters

    // Column order matches the value order; the hash is quoted on both sides
    $query = "INSERT into user (email, first_name, last_name, password) VALUES ('{$email}','{$fname}', '{$lname}','{$hashed_password}')";
    $result = mysql_query($query,$connection);
}

 

 

login.php

 

 

if(isset($_POST['submit']))
{
    // Escape the form values before they are interpolated into the query
    $email = me_mysql_prep(trim($_POST['email']));
    $password = me_mysql_prep(trim($_POST['password']));
    $hashed_password = sha1($password);

    // status must be selected too, because it is read from the result below
    $query = "Select member_id, status from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
    $result = mysql_query($query,$connection) or die (mysql_error());
    $num_user = mysql_num_rows($result);

    if($num_user == 1)
    {
        $check_status = mysql_result($result,0,'status');

        // Status 3 marks a banned account
        if($check_status == 3)
        {
            echo "<span class=\"error_validation\">Your account is banned!</span>";
        }
        else
        {
            me_redirect_to('index.php');
        }
    }
    else
    {
        echo "<span class=\"error_validation\">E-mail/Password combination is incorrect.<br>Pls. make sure that your CAPS LOCK is off and try again.</span>";
    }
}

 

 

me_mysql_prep is a function for mysql_real_escape_string

 

 

The problem is that I don't seem to be getting a row back even when I type the right e-mail address and password, and it keeps saying that my e-mail and password combination is incorrect.

 

 

Anyone?  :shrug:

Link to comment
Share on other sites

$query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
// Print the exact query and the number of matching rows for debugging
echo 'This is the MySQL query: '.$query;
$result = mysql_query($query,$connection) or die (mysql_error());
$num_user = mysql_num_rows($result);
echo 'Amount of rows: '.$num_user;

Please tell us what shows up now.

 

Also turn on error reporting at the beginning of the script, if it isn't already on. :)

error_reporting(-1);

Link to comment
Share on other sites

$query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
// Print the exact query and the number of matching rows for debugging
echo 'This is the MySQL query: '.$query;
$result = mysql_query($query,$connection) or die (mysql_error());
$num_user = mysql_num_rows($result);
echo 'Amount of rows: '.$num_user;

Please tell us what shows up now.

 

Also turn on error reporting at the beginning of the script, if it isn't already on. :)

error_reporting(-1);

 

MMDE, I got this:

 

This is the MySQL query: Select member_id from user where email = 'hey@yahoo.com' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' LIMIT 1

Amount of rows: 0

E-mail/Password combination is incorrect.

Pls. make sure that your CAPS LOCK is off and try again.

 

:shrug:

Link to comment
Share on other sites

First thing: why do you remove spaces at the beginning and end of the password in register.php, but not in login.php? Maybe you have spaces at the beginning or end of the password?

 

I have tried removing the trim from both register and login and registering another member, and it's the same thing. I still can't get any row.

Link to comment
Share on other sites

$query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1";
// Print the exact query and the number of matching rows for debugging
echo 'This is the MySQL query: '.$query;
$result = mysql_query($query,$connection) or die (mysql_error());
$num_user = mysql_num_rows($result);
echo 'Amount of rows: '.$num_user;

Please tell us what shows up now.

 

Also turn on error reporting at the beginning of the script, if it isn't already on. :)

error_reporting(-1);

 

MMDE, I got this:

 

This is the MySQL query: Select member_id from user where email = 'hey@yahoo.com' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' LIMIT 1

Amount of rows: 0

E-mail/Password combination is incorrect.

Pls. make sure that your CAPS LOCK is off and try again.

 

:shrug:

I think the next logical thing to do is to check if there's a user with such data in your database?

email = 'hey@yahoo.com' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221'

 

If this isn't the case, make sure you do the same with the input from the user as you did when you registered them. You may want to echo the values ($_POST) sent in both cases. Also echo the password before and after you hash it, to see that they are all as you expect.

 

Why would you need to limit it to 1? =o

Link to comment
Share on other sites

I finally figured out the problem.

 

The problem is in my database: I set the password column length to only 20, whereas sha1 is giving me values with more than 20 characters. So every time I register, the sha1 is being cut to 20 characters only and will not match the sha1 on the login form.

 

MMDE, thanks for helping out! About that LIMIT, I have gotten used to putting it in even though it isn't necessary there :D

 

Thanks again!

Link to comment
Share on other sites

I finally figured out the problem.

 

The problem is in my database: I set the password column length to only 20, whereas sha1 is giving me values with more than 20 characters. So every time I register, the sha1 is being cut to 20 characters only and will not match the sha1 on the login form.

 

MMDE, thanks for helping out! About that LIMIT, I have gotten used to putting it in even though it isn't necessary there :D

 

Thanks again!

Ah, so it wasn't the same in the database. ;)

Good to hear the problem is fixed, and it's always good to check that the data that is being passed around and is making the wrong decision in your code is what you think it is.

Link to comment
Share on other sites

Try googling '6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' ;) I'm not a wizard, sorry :D

 

Check out the article in my signature. It tells you just about everything to do when handling passwords with PHP, and provides a great, light class that implements bcrypt. bcrypt was designed with password hashing in mind - it's slow. SHA1 was designed for extremely fast checksums of potentially large files, not passwords :)

Link to comment
Share on other sites
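
An added example, not code from any poster in this thread or from the article mentioned above: the bcrypt approach from the last post, using PHP's built-in password_hash() and password_verify() with prepared statements, plus an upgrade path for rows that still hold SHA-1 hashes. It assumes the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL), reuses the thread's table and column names, and treats any 40-character hex value as a legacy unsalted SHA-1 hash.

```php
<?php
// Added example; SQLite in-memory stands in for MySQL, names follow the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 characters leaves room for any password_hash() algorithm (bcrypt output is 60).
$pdo->exec('CREATE TABLE user (member_id INTEGER PRIMARY KEY, email VARCHAR(255) UNIQUE,
            password VARCHAR(255), status INTEGER DEFAULT 0)');

function register(PDO $pdo, string $email, string $password): void
{
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare('INSERT INTO user (email, password) VALUES (?, ?)');
    $stmt->execute([trim($email), $hash]);
}

// Returns the member_id on success, null on any failure.
function login(PDO $pdo, string $email, string $password): ?int
{
    // Look up by e-mail only: bcrypt salts each hash, so it cannot be matched in WHERE.
    $stmt = $pdo->prepare('SELECT member_id, password, status FROM user WHERE email = ?');
    $stmt->execute([trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored = $row['password'];
    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        // Legacy unsalted SHA-1 row: constant-time compare, upgraded below.
        $ok = hash_equals($stored, sha1($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok || (int) $row['status'] === 3) { // status 3 = banned, as in the thread
        return null;
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $upd = $pdo->prepare('UPDATE user SET password = ? WHERE member_id = ?');
        $upd->execute([password_hash($password, PASSWORD_BCRYPT), $row['member_id']]);
    }
    return (int) $row['member_id'];
}

// Constructed sample data: one new account and one legacy SHA-1 row.
register($pdo, 'new@example.com', 'correct horse');
$pdo->prepare('INSERT INTO user (email, password) VALUES (?, ?)')
    ->execute(['old@example.com', sha1('legacy pass')]);
var_dump(login($pdo, 'new@example.com', 'correct horse') !== null);
var_dump(login($pdo, 'old@example.com', 'legacy pass') !== null);
var_dump(login($pdo, 'old@example.com', 'wrong') === null);
```

The legacy branch hashes the raw password; the thread's code hashed the value after me_mysql_prep, so rows created that way from passwords containing escaped characters would need the same escaping reproduced before the SHA-1 comparison.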
