Jump to content

[SOLVED] Help debugging this login script

Trium918

By Trium918
in PHP Coding Help

 Share

Recommended Posts

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

I finally got this script working. Well not all the

way. I can only login with the user_name only.

I am still having problems with the password.

I tried the password() and MD5() neither works.

 

Here is my script:

<?php
session_start();
  
if (isset($_POST['user_name']) && isset($_POST['password']))
// they have just tried logging in
{
$user_name= $_POST['user_name'];
$password = $_POST['password'];
    if (login($user_name, $password))
    {
      // if they are in the database register the user id
      $valid_user = $user_name;
      $_SESSION['valid_user'] = $valid_user; // instead of session_register("valid_user");
    }  
    else
    {
      // unsuccessful login
      do_html_header("Problem:");
      echo "<p class='genmed'>You could not be logged in. 
            You must be logged in to view this page.</p>";
      do_html_url("index.php", "Login");
      do_html_footer();
      exit;
    }      
}
?>

 

<?php
function login($user_name, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = db_connect();
  if (!$conn)
    return 0;

  // check if username is unique
  $result = mysql_query("select * from members_info 
                         where user_name='$user_name'
                         and password = MD5('$password')"); // Isn't working
  if (!$result)
     return 0;
  
  if (mysql_num_rows($result)>0)
     return 1;
  else 
     return 0;
}
?>

AndyB Regular Member

AndyB

Posted
Posted

I suspect that the root cause of your problems is that you are not comparing what are supposed to be like items. Basically, the test you need to apply is that the user-entered password, when encrypted in the same manner as it was encrypted when added to the database, matches the database-stored value of the encypted password.  Somewhere in the slightly random post sequence in this thread that might have got confused.

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

I suspect that the root cause of your problems is that you are not comparing what are supposed to be like items. Basically, the test you need to apply is that the user-entered password, when encrypted in the same manner as it was encrypted when added to the database, matches the database-stored value of the encypted password.  Somewhere in the slightly random post sequence in this thread that might have got confused.

 

I was thinking something of the same.

 

This how I insert the password

<?php
$result = mysql_query("INSERT INTO members_info (members_id,user_name,first_name,last_name,gender,birth_month,birth_day,
birth_year,contact_number,email_address,register_date,password) VALUES(NULL,'$user_name','$first_name','$last_name'
,'$gender','$birth_month','$birth_day','$birth_year','$contact_number','$email_address',Now(),MD5('$password'))");
?>

 

Trying to get the password out right here

<?php
function login($user_name, $password)
// check username and password with db
// if yes, return true
// else return false
{
  // connect to db
  $conn = db_connect();
  if (!$conn)
    return 0;

  // check if username is unique
  $password = md5($_POST['password']);
  $result = mysql_query("select * from members_info 
                         where user_name='$user_name'
                         and password ='$password'");
  if (!$result)
     return 0;
  
  if (mysql_num_rows($result)>0)
     return 1;
  else 
     return 0;
}
?>

MadTechie Regular Member

MadTechie

Posted
Posted

i would do this, to keep the standard

 

<?php
  $password = $_POST['password'];
  $result = mysql_query("select * from members_info 
                         where user_name='$user_name'
                         and password =MD5('$password')");
?>

 

have you compared the md5 results?

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

and the one is the database is ?

 

also whats the field type in the database?

 

Sorry about that

<?php

$str = '123456789';
$str = md5($str);
echo $str;
// $str = 25f9e794323b453885f5181f1b624d0b

//but the database md5 = d41d8cd98f00b204e9800998ecf8427e
//Field type password varchar(32) not null
?>
[code]

[/code]

MadTechie Regular Member

MadTechie

Posted
Posted

what happens if you try this

 

Create new user (note the static name and password

INSERT INTO members_info (members_id,user_name,first_name,last_name,gender,birth_month,birth_day,
birth_year,contact_number,email_address,register_date,password) VALUES(NULL,'test','$first_name','$last_name'
,'$gender','$birth_month','$birth_day','$birth_year','$contact_number','$email_address',Now(),MD5('test'))");
?>

 

then

 

SELECT * FROM members_info WHERE  user_name='test' AND password=MD5('test');

 

 

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

what happens if you try this

 

Create new user (note the static name and password

INSERT INTO members_info (members_id,user_name,first_name,last_name,gender,birth_month,birth_day,
birth_year,contact_number,email_address,register_date,password) VALUES(NULL,'test','$first_name','$last_name'
,'$gender','$birth_month','$birth_day','$birth_year','$contact_number','$email_address',Now(),MD5('test'))");
?>

 

then

 

SELECT * FROM members_info WHERE  user_name='test' AND password=MD5('test');

 

User name = User2

Password = the same it didn't change database md5 = d41d8cd98f00b204e9800998ecf8427e

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

What, do you mean by "the same"

 

what was the result also where did user2 come form!

 

created a new user2 and password = 987654321 instead of

123456789

 

database md5() = d41d8cd98f00b204e9800998ecf8427e

The same as 123456789 password

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

I was also able to login using your method.

I guess that was what you were looking for.

Sorry again my son is sick, so it's hard to run

keep a clear head.

<?php
SELECT * FROM members_info WHERE  user_name='test' AND password=MD5('test');
?>

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

Could someone please explain to me why is the MD5() is

greating confuse from the form to the time it reaches the

database? I am also testing the value of MD5() before it goes

into the database and they aren't comparing.

 

Note: static password works

 

Test form and test_database

<?php
//require_once("db_fns.php");
function db_connect()
{
   $result = mysql_pconnect("localhost"); 
   if (!$result)
      return false;
   if (!mysql_select_db("test_database"))
      return false;

   return $result;
}

  $conn = db_connect();
  if (!$conn)
    return "Could not connect to database server - please try later.";

  $user_name = trim($_POST['user_name']);
  $password = trim($_POST['password']);
  
  $password_str = $password;
  $password_str = md5($password_str);
  
  // MD5() IS A PROMBLEM HERE
  $result = mysql_query("INSERT INTO test_info (test_id,user_name,password) 
  VALUES(NULL,'$user_name',MD5('$password'))");
  
  //MD5() IS CREATE HERE

  /*$result = mysql_query("INSERT INTO test_info (test_id,user_name,password) 
  VALUES(NULL,'$user_name',MD5('test'))");*/

?>
<form  method="post">
<table width="425" border="0" cellspacing="0" cellpadding="5" align="center" class="registration_form">
  <tr><td width="47%" class="gen">Username:<? echo $fill_in; ?></td>
   <td><input type="text" name="user_name" size="25" maxlength="25" /></td></tr>
  <tr><td width="47%" class="gen">Password:<? echo $fill_in; ?></td>
   <td><input type="text" name="password" size="30" maxlength="40" /></td></tr>
  <tr> <td colspan="2"><input type="submit" value="Submit" /></td></tr>
  <tr> <td colspan="2" align="center"><?php echo $password_str; ?></td></tr>
  </table>
</form>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.