iisthesloth Posted July 31, 2007 Share Posted July 31, 2007 Hey, for some reason everytime I try logging in, it is saying there is an incorrect password or email, though there is not. Can anyone find an error which may cause this? Thanks alot... <? if (isset($_POST['submitted'])) { require_once ('../mysql_rolldc_connect.php'); if (!empty($_POST['email'])) { $e = escape_data($_POST['email']); } else { echo "<script language='JavaScript'> alert('You forgot to enter your email address'); </script>"; $e = FALSE; } if (!empty($_POST['pass'])) { $p = escape_data($_POST['pass']); } else { echo "<script language='JavaScript'> loginView('toggleText'); </script>"; $p = FALSE; } if ($e && $p) { $query = "SELECT user_id, first_name FROM users WHERE (email='$e' AND pass=SHA('$p')) AND active IS NULL"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br /> MySQL Error: " . mysql_error()); if (@mysql_num_rows($result) == 1) { $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); mysql_close(); $_SESSION['first_name'] = $row[1]; $_SESSION['user_id'] = $row[0]; $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); } $url .= '/index1.php'; ob_end_clean(); header("Location: $url"); exit(); } else { echo "<script language='JavaScript'> alert('Incorrect Email or Password'); </script>"; } } else { echo "<script language='JavaScript'> alert('Please try again'); </script>"; } } ?> <div id="interface"> <ul> <li><a href="javascript:loginView('toggleText');" id="switch">Login</a><a href="#" id="forgotpass">Forgot Password?</a></li> <li><a href="/traderp/register.php">Register</a></li> </ul> <div class="loginTextarea" id="toggleText"> <form action="index2.php" method="post"> <div class="username"><h5>:: Email</h5> <input type="text" name="email" value="<? if (isset($_POST['email'])) echo $_POST['email']; ?>" class="username" rows="10" cols="10"></textarea></div> <div class="password"><h5 class="password">:: Password</h5> <input type="password" name="pass" class="password" rows="10" cols="10"></textarea> <input type="submit" name="submit" value="Login" /> <input type="hidden" name="submitted" value="TRUE" /></div> </form> </div> </div> Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/ Share on other sites More sharing options...
iisthesloth Posted July 31, 2007 Author Share Posted July 31, 2007 Oh yeah, I'm using PHP 5... Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312273 Share on other sites More sharing options...
iisthesloth Posted August 1, 2007 Author Share Posted August 1, 2007 Anyone have any idea at all?? This is really stumpin' me Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312611 Share on other sites More sharing options...
NerdConcepts Posted August 1, 2007 Share Posted August 1, 2007 I've set here and looked at your code, doesn't seem to be anything wrong with it, hows your database look? Maybe if I know what the fields in "users" look like maybe I can figure out what is going on. Although I have never used NULL as a activation value. I tend to use something like "TRUE" if they are activated, just to give the field a value. Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312621 Share on other sites More sharing options...
iisthesloth Posted August 1, 2007 Author Share Posted August 1, 2007 Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312625 Share on other sites More sharing options...
mrjcfreak Posted August 1, 2007 Share Posted August 1, 2007 As always, print_r($_REQUEST) and see what the variables are doing at the times you need them. A simple trim(), stripslashes() or str_to_lower() might fix it. And do you mean sha1 instead of sha? I'm just guessing, I'm not an SQL expert. Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312629 Share on other sites More sharing options...
iisthesloth Posted August 1, 2007 Author Share Posted August 1, 2007 hmm, i got this with the print_r($_REQUEST) Array ( => [email protected] [pass] => password [submit] => Login [submitted] => TRUE ) Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312634 Share on other sites More sharing options...
mrjcfreak Posted August 1, 2007 Share Posted August 1, 2007 try sha1($_POST['password']) and see if it matches up with that the SQL is looking for. Also remove AND pass=SHA('$p') from the query to see if it can match the email. Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312639 Share on other sites More sharing options...
iisthesloth Posted August 1, 2007 Author Share Posted August 1, 2007 SHA1 didn't work, i'm sure its encoded with SHA though. However when I took the AND pass=SHA('$p') where it trys to match it, it gave me this error from the mysql_error() function... Notice: Query: SELECT user_id, first_name FROM users WHERE (email='[email protected]')) MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 in /home/.navigator/iisthesloth/rolldc.com/index2.php on line 56 Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312645 Share on other sites More sharing options...
mrjcfreak Posted August 1, 2007 Share Posted August 1, 2007 You have too many closing parentheses. I meant in your PHP, just before your query, put echo sha1($_POST['password']) to see the encrypted string PHP is trying to match with the database... Sorry I can't offer a quick fix, I'm just going through all the things I'd do to debug... Link to comment https://forums.phpfreaks.com/topic/62729-help-with-login-code/#findComment-312649 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.