Masonh928 Posted January 11, 2015 Share Posted January 11, 2015 (edited) I know they do, because I tested with. die($HASH_Pass); And it returned the same password as the password stored with the username associated in the database. <?php /* <p class="required">All fields are required</p><br/> <form method="post" action="Scripts/UserFunctions/login.php"> <label for="username">Username:</label><input type="text" name="username" id="username" size="40px"><br/> <label for="password">Password:</label> <input type="password" name="password" id="password" size="40px"><br/> <input type="submit" name="submit" value="Login"> </form> */ if(isset($_POST['submit'])){ //set default variables $msg = ""; $error = false; //set variables from user input $Username = $_POST['username']; $Password = $_POST['password']; $HASH_Pass = hash("sha512", $Password); //include connection require_once("../DB/connect.php"); //create quarries to get data $Query = $connect->prepare("SELECT * FROM Users WHERE Username = :hhh AND Password = :jjj"); $Query->bindValue(':hhh', $Username); $Query->bindValue(':jjj', $HASH_Pass); $Query->execute() or die("Not executed"); $ROWS = $Query->fetch(PDO::FETCH_NUM); if($ROWS != 0){ $_SESSION['Logged_in']=$Username; header("Location: http://www.family-line.dx.am/Community/profile.php?user=$Username"); exit(); } else { $msg .= "Username and Password do not match. Try again"; $error = true; } if($error){ $Self = $_SERVER['PHP_SELF']; echo <<<form <div style="background: #efefef;"> <h2 style="color: red; font-weight: 850;">{$msg}</h2> <p class="required">All fields are required</p><br/> <form method="post" action="{$Self}"> <label for="username">Username:</label><input type="text" name="username" id="username" size="40px"><br/> <label for="password">Password:</label> <input type="password" name="password" id="password" size="40px"><br/> <input type="submit" name="submit" value="Login"> </form> </div> form; } } ?> Spelled Queries wrong…sorry I'm using PDO (obviously), but is there anything that would cause this error? I've made a working Login script, but I never used bindValue()... I'm new here. But I'm pretty sure it's not the SQL's issue, because it never displayed the or die(...) Not sure if this helps but the script is here... http://family-line.dx.am/page.php?page=login Username: Test Password: Test Edited January 11, 2015 by Masonh928 Quote Link to comment https://forums.phpfreaks.com/topic/293859-php-shows-username-and-pass-dont-match-when-i-know-they-do/ Share on other sites More sharing options...
ginerjm Posted January 12, 2015 Share Posted January 12, 2015 Change this line: if($ROWS != 0) to something more logical. It probably works but it's silly IMHO. if ($ROWS) And then - comment out the header line and replace it with an echo confirming success and let's see what you get. Quote Link to comment https://forums.phpfreaks.com/topic/293859-php-shows-username-and-pass-dont-match-when-i-know-they-do/#findComment-1502623 Share on other sites More sharing options...
Masonh928 Posted January 12, 2015 Author Share Posted January 12, 2015 I did an or die("NOPE"); It killed the script… So there must be a sql error... Quote Link to comment https://forums.phpfreaks.com/topic/293859-php-shows-username-and-pass-dont-match-when-i-know-they-do/#findComment-1502734 Share on other sites More sharing options...
Masonh928 Posted January 13, 2015 Author Share Posted January 13, 2015 Got it to work!!!!!!!!!!!!!!!! Used Select count(*)... Quote Link to comment https://forums.phpfreaks.com/topic/293859-php-shows-username-and-pass-dont-match-when-i-know-they-do/#findComment-1502735 Share on other sites More sharing options...
Jacques1 Posted January 13, 2015 Share Posted January 13, 2015 While you're working on your script, it's also time to take password security more seriously. Algorithms like MD5 or SHA-512 are not acceptable. Stock PCs can easily calculate hundreds of millions of SHA-512 hashes per second, so even strong passwords can be found with a brute-force-attack. And since the same input always leads to the same hash, a lot of weak passwords have already been hashed and can be looked up on Google. The only solution is a specialized password hashing algorithm. A common choice today is “bcrypt”, and you'll be happy to hear that it's fully supported by PHP. Use it. Quote Link to comment https://forums.phpfreaks.com/topic/293859-php-shows-username-and-pass-dont-match-when-i-know-they-do/#findComment-1502741 Share on other sites More sharing options...
NotionCommotion Posted January 13, 2015 Share Posted January 13, 2015 Just for fun, I tested Jacques claim about looking up a SHA-512 hash on Google. Scary! If I wasn't already a believer, I am now. Quote Link to comment https://forums.phpfreaks.com/topic/293859-php-shows-username-and-pass-dont-match-when-i-know-they-do/#findComment-1502796 Share on other sites More sharing options...
CroNiX Posted January 13, 2015 Share Posted January 13, 2015 Yeah just google "rainbow table" there are lots of sites dedicated to it, and some even have APIs lol Quote Link to comment https://forums.phpfreaks.com/topic/293859-php-shows-username-and-pass-dont-match-when-i-know-they-do/#findComment-1502816 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.