bugzy Posted August 17, 2012 Share Posted August 17, 2012 I'm having problem with my login. Here's my code Register.php if(isset($_POST['submit'])) { $email = me_mysql_prep(trim($_POST['email'])); $fname = me_mysql_prep(trim($_POST['fname'])); $lname = me_mysql_prep(trim($_POST['lname'])); $password = me_mysql_prep($_POST['password']); $hashed_password = sha1($password); $query = "INSERT into user (email, last_name, first_name, password) VALUES ('{$email}','{$fname}', '{$lname}',{$hashed_password}')"; $result = mysql_query($query,$connection); } login.php if(isset($_POST['submit'])) { $email = me_mysql_prep(trim($_POST['email'])); $password = me_mysql_prep(trim($_POST['password'])); $hashed_password = sha1($password); $query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1"; $result = mysql_query($query,$connection) or die (mysql_error()); $num_user = mysql_num_rows($result); if($num_user == 1) { $check_status = mysql_result($result,0,'status'); if($check_status == 3) { echo "<span class=\"error_validation\">You account is banned!</span>"; } else { me_redirect_to('index.php'); } } else { echo "<span class=\"error_validation\">E-mail/Password combination is incorrect.<br>Pls. make sure that your CAPS LOCK is off and try again.</span>"; } } me_mysql_prep is a function for mysql_real_escape_string Problem is it seemed like I'm not getting a row back even if I'm typing the right e-mail address and password and it keep saying that my e-mail and password combination is incorrect? Anyone? Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/ Share on other sites More sharing options...
MMDE Posted August 17, 2012 Share Posted August 17, 2012 $query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1"; echo 'This is the MySQL query: '.$query; $result = mysql_query($query,$connection) or die (mysql_error()); $num_user = mysql_num_rows($result); $num_user = mysql_num_rows($result); echo 'Amount of rows: '.$num_user; Please tell us what shows up now. Also turn on error reporting at the beginning of the script, if it isn't already on. error_reporting(-1); Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370093 Share on other sites More sharing options...
Jet4Fire Posted August 17, 2012 Share Posted August 17, 2012 First thing. Why you in register.php remove spaces at beginning and end of password, but at login.php not remove spaces, maybe you have spaces from beginning or and of password? Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370095 Share on other sites More sharing options...
bugzy Posted August 17, 2012 Author Share Posted August 17, 2012 $query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1"; echo 'This is the MySQL query: '.$query; $result = mysql_query($query,$connection) or die (mysql_error()); $num_user = mysql_num_rows($result); $num_user = mysql_num_rows($result); echo 'Amount of rows: '.$num_user; Please tell us what shows up now. Also turn on error reporting at the beginning of the script, if it isn't already on. error_reporting(-1); MMDE I got this This is the MySQL query: Select member_id from user where email = '[email protected]' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' LIMIT 1 Amount of rows: 0 E-mail/Password combination is incorrect. Pls. make sure that your CAPS LOCK is off and try again. Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370098 Share on other sites More sharing options...
bugzy Posted August 17, 2012 Author Share Posted August 17, 2012 First thing. Why you in register.php remove spaces at beginning and end of password, but at login.php not remove spaces, maybe you have spaces from beginning or and of password? I have tried removing the trim from both register and login, register another member and it's the same thing. I still can't get any row Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370101 Share on other sites More sharing options...
MMDE Posted August 17, 2012 Share Posted August 17, 2012 $query = "Select member_id from user where email = '{$email}' AND password ='{$hashed_password}' LIMIT 1"; echo 'This is the MySQL query: '.$query; $result = mysql_query($query,$connection) or die (mysql_error()); $num_user = mysql_num_rows($result); $num_user = mysql_num_rows($result); echo 'Amount of rows: '.$num_user; Please tell us what shows up now. Also turn on error reporting at the beginning of the script, if it isn't already on. error_reporting(-1); MMDE I got this This is the MySQL query: Select member_id from user where email = '[email protected]' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' LIMIT 1 Amount of rows: 0 E-mail/Password combination is incorrect. Pls. make sure that your CAPS LOCK is off and try again. I think the next logical thing to do is to check if there's a user with such data in your database? email = '[email protected]' AND password ='6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' If this isn't the case, make sure you do the same with the input from user as you did when you registered them. You may want to echo their values ($_POST) sent in both cases. Also echo password before and after you hash it, to see that they are all as you expect. Why would you need to limit it to 1? =o Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370102 Share on other sites More sharing options...
bugzy Posted August 17, 2012 Author Share Posted August 17, 2012 I finally figured out the problem. Problem is in my database, I set password column length to only 20 where by sha1 is giving me values with more than 20 characters. So everytime I'm registering, sha1 is been cut into 20 characters only and will not match the sha1 on the login form. MMDE thanks for helping out! about that LIMIT I have been used on putting it even though it isn't necessary there Thanks again! Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370104 Share on other sites More sharing options...
MMDE Posted August 17, 2012 Share Posted August 17, 2012 I finally figured out the problem. Problem is in my database, I set password column length to only 20 where by sha1 is giving me values with more than 20 characters. So everytime I'm registering, sha1 is been cut into 20 characters only and will not match the sha1 on the login form. MMDE thanks for helping out! about that LIMIT I have been used on putting it even though it isn't necessary there Thanks again! Ah, so it wasn't the same in the database. Good to hear the problem is fixed, and it's always good to check that the data that is being passed around and is making wrong decision in your code is what you think it is. Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370124 Share on other sites More sharing options...
xyph Posted August 17, 2012 Share Posted August 17, 2012 You don't want to use SHA1 alone. 10258272 Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370172 Share on other sites More sharing options...
bugzy Posted August 17, 2012 Author Share Posted August 17, 2012 You don't want to use SHA1 alone. 10258272 how did it happen xyph? how did you do that? So what the other step that I need and must do after that sha1? Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370203 Share on other sites More sharing options...
xyph Posted August 17, 2012 Share Posted August 17, 2012 Try googling '6e7c884c910fdc9ee88f2aee6a3b9c02f2638221' I'm not a wizard, sorry Check out the article in my signature. It tells you just about everything to do when handling passwords with PHP, and provides a great, light class that implements bcrypt. bcrypt was designed for password hashing in mind - it's slow. SHA1 was design for extremely fast checksums of potentially large files, not passwords Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370206 Share on other sites More sharing options...
bugzy Posted August 17, 2012 Author Share Posted August 17, 2012 I will definitely read that. Thanks! Link to comment https://forums.phpfreaks.com/topic/267218-problem-login-sha1/#findComment-1370215 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.