Jump to content

**SOLVED**Login validation with md5 and stripslahes problem


Aesop

Recommended Posts

Hi there,

So I got a login validation script that uses md5 and stripslashes for security.  I have commented in the script where I have echo'd back to debug and I'm at a loss as to why this isnt working.  The actual validation of the username and password from the form against the database fails over and over.  I'm sure it's something glaringly obvious lol... 

[code]<?php
include "../includes/config.php"; //db connection set here

//assign the form data to variables
$user = $_POST['user']; //this is their email address
$pass = $_POST['password']; //this is their password in plain text still

//error check the form data
if (!eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,6}$", stripslashes(trim($user)))) // **this works
{
  header("location:index.php?err=1");
}
elseif (!preg_match ("/[^\s]+/",$pass)) {
  // it contains 0 or more whitespace chars ONLY so...
  // set it to empty
  $pass = "";
  // or display an error
header("location:index.php?err=2"); 
  } else {

//encrypt the password
$pHash = md5($pass);
// **echo $pHash worked fine**


//check the form data against the database
$q = "SELECT uid, umail, upass FROM tblUsers WHERE umail= '$user' AND upass= '$pHash'";
$result = mysql_query($q);

//**echo $result turned up fine.  form variables passed and md5 worked**

$nt = mysql_fetch_array($result);
$memberid = $nt['uid'];
$member = $nt['umail'];
$memberpass = $nt['upass'];
if (($user != $member) && ($pHash != $memberpass)) {
header("location:index.php?err=3"); //** I KEEP GETTING THIS ERROR!
} else {
//they passed the database check, assign session variables for the person logging in
$user = $_SESSION['user'];
$active = $_SESSION['logged_in'];

//update their records
$now = date("F j, Y, g:i a");
$passed = "UPDATE tblUsers SET udate = $now WHERE uid = $memberid";

//finally we get to pass them on!
header("location:main.php");
}
}
?>[/code]

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.