ianhaney Posted December 30, 2015 Share Posted December 30, 2015 (edited) Hi I have built a sign up form which works perfect and a login form that works perfect but if I try to add the id number into the url using php, it makes the login form load the same page and not redirect to the profile page, below is the code I have on the login form processing page <?php ob_start(); session_start(); $username = $_POST['username']; $password = $_POST['password']; $_SESSION['username'] = $username; $conn = mysqli_connect('localhost', '********', '*******', '*******'); $id=$_GET['id']; $username = mysqli_real_escape_string($conn, $username); $query = "SELECT password, salt FROM recruiters WHERE username = '$username' AND id=$id;"; $result = mysqli_query($conn, $query); if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again. { header('Location: recruiter-login.php'); } $userData = mysqli_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again. { header('Location: recruiter-login.php'); }else{ // Redirect to home page after successful login. header('Location: recruiter-profile.php?id=$id'); } ?> I put error reporting in and is not displaying any errors so is one good thing If I take out AND id=$id from the sql query, the login works and logs me in Hope someone can help Thank you in advance Ian Edited December 30, 2015 by Barand remove credentials Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/ Share on other sites More sharing options...
ianhaney Posted December 30, 2015 Author Share Posted December 30, 2015 Think I found out the issue just unsure how to solve it It is thinking the password is entered incorrectly so is loading the login page again, below is the code causing the issue if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again. { header('Location: recruiter-login.php'); }else{ // Redirect to home page after successful login. header('Location: recruiter-profile.php?id=$id'); } I found out cause I changed the line header('Location: recruiter-login.php'); to header('Location: index.php'); The lines above that checks the password part is below $userData = mysqli_fetch_array($result, MYSQL_ASSOC); $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) ); I know the password is correct as I wrote it down just after typing it in the signup form Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/#findComment-1528828 Share on other sites More sharing options...
Muddy_Funster Posted December 30, 2015 Share Posted December 30, 2015 You have some bad practices going on here, in fact that could be one of the most bizarre login procedures I have ever seen. I also hope that those DB credentials are fake or run on a purely local test server. What is the ID and where are you getting it from? Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/#findComment-1528829 Share on other sites More sharing options...
sn00pers Posted December 30, 2015 Share Posted December 30, 2015 At some point the hash in the DB had to be created from a password and perhaps the method was slightly different? Why not print both hashes to confirm they don't match? Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/#findComment-1528833 Share on other sites More sharing options...
Muddy_Funster Posted December 30, 2015 Share Posted December 30, 2015 At some point the hash in the DB had to be created from a password and perhaps the method was slightly different? Why not print both hashes to confirm they don't match? It's probably more simple than that. One of the issues with the script is that the OP has used the reserved word "password" for the title of a column in the database. This means that the SELECT query isn't going to return what they think it is. To be honest though, that's only one of several serious issues here and can be fixed by wrapping the column name in backticks. Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/#findComment-1528834 Share on other sites More sharing options...
Barand Posted December 30, 2015 Share Posted December 30, 2015 "password" is a keyword but is not reserved http://dev.mysql.com/doc/refman/5.5/en/keywords.html 1 Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/#findComment-1528835 Share on other sites More sharing options...
ianhaney Posted December 30, 2015 Author Share Posted December 30, 2015 Hi Sorry I have sussed this now but need to remove or edit my original post as contains my db info, I forgot to remove the info before posting, can th admin or moderator edit it for me please, sorry Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/#findComment-1528837 Share on other sites More sharing options...
Barand Posted December 30, 2015 Share Posted December 30, 2015 I've already done the edit. Quote Link to comment https://forums.phpfreaks.com/topic/300055-having-issue-passing-id-to-url-after-login/#findComment-1528843 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.