Aesop Posted December 14, 2006

Hi there,

So I got a login validation script that uses md5 and stripslashes for security. I have commented in the script where I have echo'd back to debug and I'm at a loss as to why this isn't working. The actual validation of the username and password from the form against the database fails over and over. I'm sure it's something glaringly obvious lol...

[code]
<?php
include "../includes/config.php"; //db connection set here

//assign the form data to variables
$user = $_POST['user']; //this is their email address
$pass = $_POST['password']; //this is their password in plain text still

//error check the form data
if (!eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,6}$", stripslashes(trim($user)))) // **this works
{
    header("location:index.php?err=1");
}
elseif (!preg_match ("/[^\s]+/",$pass))
{
    // it contains 0 or more whitespace chars ONLY so...
    // set it to empty
    $pass = "";
    // or display an error
    header("location:index.php?err=2");
}
else
{
    //encrypt the password
    $pHash = md5($pass);
    // **echo $pHash worked fine**

    //check the form data against the database
    $q = "SELECT uid, umail, upass FROM tblUsers WHERE umail= '$user' AND upass= '$pHash'";
    $result = mysql_query($q);
    //**echo $result turned up fine. form variables passed and md5 worked**
    $nt = mysql_fetch_array($result);
    $memberid = $nt['uid'];
    $member = $nt['umail'];
    $memberpass = $nt['upass'];

    if (($user != $member) && ($pHash != $memberpass))
    {
        header("location:index.php?err=3"); //** I KEEP GETTING THIS ERROR!
    }
    else
    {
        //they passed the database check, assign session variables for the person logging in
        $_SESSION['user'] = $user;
        $_SESSION['logged_in'] = true;
        //update their records
        $now = date("F j, Y, g:i a");
        $passed = "UPDATE tblUsers SET udate = '$now' WHERE uid = $memberid";
        mysql_query($passed);
        //finally we get to pass them on!
        header("location:main.php");
    }
}
?>
[/code]

Aesop (Author) Posted December 14, 2006

Turns out the upass field in the database was only storing 30 characters instead of the 32 needed for the md5 hash. Like I said... glaringly obvious
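
The truncation problem from this thread, as an added example that is not part of the original posts: it swaps the post's md5() for password_hash() with bcrypt, looks the account up with a bound parameter, and reports a stored value of the wrong length as a storage fault rather than a wrong password. The SQLite in-memory database, the sample accounts and the function names are constructed, and the 30-character cut simulates the too-narrow upass column.

```php
<?php
// Added example; constructed data. Table and column names follow the post.
const BCRYPT_LEN = 60; // a bcrypt hash string is always 60 characters

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblUsers (uid INTEGER PRIMARY KEY, umail TEXT UNIQUE, upass TEXT)');

// $maxLen simulates a too-narrow column: SQLite does not enforce widths,
// so the cut MySQL would make in non-strict mode is applied here instead.
function store_user(PDO $db, string $mail, string $hash, ?int $maxLen = null): void
{
    $stored = $maxLen === null ? $hash : substr($hash, 0, $maxLen);
    $st = $db->prepare('INSERT INTO tblUsers (umail, upass) VALUES (?, ?)');
    $st->execute([$mail, $stored]);
}

// Returns a state for the server log; the user should see one generic
// failure message whichever non-"ok" state occurred.
function check_login(PDO $db, string $mail, string $pass): string
{
    // Select by e-mail only, with a bound parameter; compare the hash in PHP.
    $st = $db->prepare('SELECT uid, upass FROM tblUsers WHERE umail = ?');
    $st->execute([$mail]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'unknown user';
    }
    if (strlen($row['upass']) !== BCRYPT_LEN) {
        return 'stored hash damaged'; // schema problem, not a wrong password
    }
    return password_verify($pass, $row['upass']) ? 'ok' : 'bad password';
}

store_user($db, 'good@example.com', password_hash('s3cret', PASSWORD_BCRYPT));
store_user($db, 'cut@example.com', password_hash('s3cret', PASSWORD_BCRYPT), 30);

foreach (['good@example.com', 'cut@example.com', 'nobody@example.com'] as $mail) {
    printf("%-20s %s\n", $mail, check_login($db, $mail, 's3cret'));
}
```

In MySQL, a column such as VARCHAR(255) leaves room for the hash formats password_hash() can produce.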