Jump to content

[SOLVED] Authentication problems - letting anything in

Eiolon

By Eiolon
in PHP Coding Help

 Share

Recommended Posts

Eiolon Advanced Member

Eiolon

Posted
Posted
Basically, my script is letting anything authenticate, regardless if it is in the database or not.  I am not trying to do anything special besides using SHA1 for hashing.

This is my first PHP script so pay no mind to my excessive commenting.

[code]<?php # login.php

// Connect to the MySQL server and database.
require_once ('mysql_connect.php');

// Start the script when submitted.
if (isset($_POST['submit'])) {

// Verify that all required fields are completed.
if (!$_POST['username'] | !$_POST['password']) {
die ('You must enter a username and password.'); }

// Query the database for user information.
$auth = "SELECT username, password FROM users WHERE username=('".$_POST['username']."') AND password=sha1('".$_POST['password']."')";
$result = mysql_query ($auth) OR die ('Cannot execute the query.');

// If authentication is successful...
if ($auth) {
echo 'You are now logged in.';
exit(); }

// Close the connection to the server and database.
mysql_close();

// End of script.
}
?>[/code]
Link to comment
Share on other sites
Orio Member

Orio

Posted
Posted
You never defined $auth. Try this:

[code]<?php # login.php

// Connect to the MySQL server and database.
require_once ('mysql_connect.php');

// Start the script when submitted.
if (isset($_POST['submit'])) {

// Verify that all required fields are completed.
if (!$_POST['username'] || !$_POST['password']) {
die ('You must enter a username and password.'); }

// Query the database for user information.
$auth = "SELECT username, password FROM users WHERE username=('".$_POST['username']."') AND password=sha1('".$_POST['password']."')";
$result = mysql_query ($auth) OR die ('Cannot execute the query.');
$auth = mysql_num_rows($result);

// If authentication is successful...
if ($auth) {
echo 'You are now logged in.';
exit(); }

// Close the connection to the server and database.
mysql_close();

// End of script.
}
?>[/code]

I also fixed another problem- the sign for "OR" in if's is || and not a single |.
Btw, you should read about SQL-injections, your script is not secure.

Orio.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.