
Some Login Validation Issues With Crypt()


devilsvein


Hi guys, I've been having some issues with authenticating a person who logs into my website. I'm using crypt to hash the password from when they register, with no salt defined.

The code I've used on my login page is this:

if( $page_mode == 'Login' )
{
    require "globe.php";
    //simple post from below
    $username = htmlentities(trim($_POST['username']));
    $username = mysqli_real_escape_string($mysqli, $username);
    $password = trim($_POST['password']);
    $query = mysqli_query($mysqli, "SELECT * FROM Persons WHERE Username = '$username'");
    $row = mysqli_fetch_assoc($query);
    $numrows = mysqli_num_rows($query);
    $dbuser = $row['Username'];
    $dbpass = $row['Password'];
    $hashed_password = crypt($password, $dbpass);

    if( ($username == '') || ($password == '') ) {
        $error_string .= '<font color=red>You have left either the username or password field blank!</font>';
    }
    else if ($numrows == 1)
    {
        if ($dbuser == $username)
        {
            if ($hashed_password == $password)
            {
                $error_string .= '<font color=red>Details checked out</font>';
            }
            else
            {
                $error_string .= '<font color=red>No username can be found! (1)</font>';
            }
        }
    }
    else {
        $error_string .= '<font color=red>No username can be found! (2)</font>';
    }
}


Everything is fine until it gets to the if statement where it checks the hashed password against the user-inputted password ($password).

It always seems to fail.

I've been at this for days now and it's really starting to annoy me. Would be so grateful if someone could suggest a solution.


Made a change on my original script:

Instead of if ($password == $hashed_password)

I used if ($hashed_password == $dbpass)

@pikachu

Well, the password in the database is being hashed up, I believe. It's not the same password that was inputted. In my register page, when the table updates, the user password goes through crypt($password);

So how would I fix this in login then?

Because I can't just do if ($password == $dbpass)

One's hashed, the other's not.

The following should have worked - if ($hashed_password == $dbpass)

If not, slow down and troubleshoot what your code and data are doing. Echo both of those values. Are they completely different? Are they different lengths (i.e. $dbpass being shorter because your database table column isn't long enough to hold the value)?
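
Added example, not part of the original thread or any poster's code: the crypt() round trip discussed above, with the stored hash reused as the salt at login, plus the short-column case raised in the last reply. The function names, the sample passwords and the 32-character column width are assumptions made for the illustration.

```php
<?php
// Added illustration; all names and sample values here are constructed.

// Registration side. The thread's register page calls crypt($password) with
// no salt; an explicit bcrypt salt is assumed here because current PHP
// versions require the salt argument.
function make_hash(string $password): string
{
    // 22 characters from the bcrypt salt alphabet [./A-Za-z0-9]
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, '$2y$10$' . $salt);
}

// Login side. Re-hash the submitted password with the stored hash as the
// salt, then compare the result with the stored hash, never with the
// plain-text input.
function check_password(string $submitted, string $stored): bool
{
    $rehash = crypt($submitted, $stored);
    // hash_equals() compares in constant time and rejects length mismatches
    return hash_equals($stored, $rehash);
}

$stored = make_hash('correct horse');   // value the register page would save

$results = [
    'stored hash length'               => strlen($stored),
    'right password vs stored hash'    => check_password('correct horse', $stored),
    'wrong password vs stored hash'    => check_password('wrong guess', $stored),
    // The comparison from the first post: re-hash against the plain input.
    're-hash == plain input'           => crypt('correct horse', $stored) == 'correct horse',
];

// Failure mode from the last reply: a column too short to hold the hash.
// substr() simulates what a hypothetical VARCHAR(32) column would return.
$truncated = substr($stored, 0, 32);
$results['truncated hash length']         = strlen($truncated);
$results['right password vs truncated']   = check_password('correct horse', $truncated);

var_dump($results);
```

password_verify($submitted, $stored) performs the same re-hash and constant-time comparison for crypt()-format hashes.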
