
**SOLVED** Login validation with md5 and stripslashes problem


Aesop


Hi there,

So I got a login validation script that uses md5 and stripslashes for security. I have commented in the script where I have echo'd back to debug and I'm at a loss as to why this isn't working. The actual validation of the username and password from the form against the database fails over and over. I'm sure it's something glaringly obvious lol...

[code]<?php
include "../includes/config.php"; //db connection set here

//assign the form data to variables
$user = $_POST['user']; //this is their email address
$pass = $_POST['password']; //this is their password in plain text still

//error check the form data
if (!eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,6}$", stripslashes(trim($user)))) // **this works
{
  header("location:index.php?err=1");
}
elseif (!preg_match ("/[^\s]+/",$pass)) {
  // it contains 0 or more whitespace chars ONLY so...
  // set it to empty
  $pass = "";
  // or display an error
  header("location:index.php?err=2");
} else {

  //encrypt the password
  $pHash = md5($pass);
  // **echo $pHash worked fine**

  //check the form data against the database
  $q = "SELECT uid, umail, upass FROM tblUsers WHERE umail= '$user' AND upass= '$pHash'";
  $result = mysql_query($q);

  //**echo $result turned up fine.  form variables passed and md5 worked**

  $nt = mysql_fetch_array($result);
  $memberid = $nt['uid'];
  $member = $nt['umail'];
  $memberpass = $nt['upass'];
  if (($user != $member) && ($pHash != $memberpass)) {
    header("location:index.php?err=3"); //** I KEEP GETTING THIS ERROR!
  } else {
    //they passed the database check, assign session variables for the person logging in
    $user = $_SESSION['user'];
    $active = $_SESSION['logged_in'];

    //update their records
    $now = date("F j, Y, g:i a");
    $passed = "UPDATE tblUsers SET udate = $now WHERE uid = $memberid";

    //finally we get to pass them on!
    header("location:main.php");
  }
}
?>[/code]
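For comparison with the script above, an added example (not part of the original post, and not the poster's code) of the same login check done with a bound query parameter and `password_hash()`/`password_verify()` instead of an unsalted `md5()` interpolated into the SQL string. It assumes PHP 7.1+ with the PDO SQLite driver; the in-memory table mirrors `tblUsers`, and the helper names `open_demo_db` and `check_login`, the account and the password are constructed for the example.

```php
<?php
// Added example, not the poster's code. The table mirrors tblUsers from the
// post; the account and password below are constructed sample data.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tblUsers (uid INTEGER PRIMARY KEY, umail TEXT UNIQUE, upass TEXT, udate TEXT)');
    $ins = $db->prepare('INSERT INTO tblUsers (umail, upass) VALUES (?, ?)');
    // password_hash() salts each password; with the current default (bcrypt)
    // the stored string is 60 characters, so the column must not truncate it.
    $ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the uid on success, or null on any failure.
function check_login(PDO $db, string $user, string $pass): ?int {
    $user = trim($user);
    if (filter_var($user, FILTER_VALIDATE_EMAIL) === false || trim($pass) === '') {
        return null;
    }
    // Look the account up by e-mail only, using a bound parameter so the
    // value is never spliced into the SQL text.
    $st = $db->prepare('SELECT uid, upass FROM tblUsers WHERE umail = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // A missing row and a wrong password return the same result.
    if ($row === false || !password_verify($pass, $row['upass'])) {
        return null;
    }
    // The timestamp is bound as well, and the statement is actually executed.
    $up = $db->prepare('UPDATE tblUsers SET udate = ? WHERE uid = ?');
    $up->execute([date('Y-m-d H:i:s'), $row['uid']]);
    return (int) $row['uid'];
}

$db = open_demo_db();
var_dump(check_login($db, 'alice@example.com', 'correct horse')); // known account
var_dump(check_login($db, "o'brien@example.com", 'anything'));    // quote in the address
var_dump(check_login($db, 'alice@example.com', 'wrong'));         // wrong password
```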