Jump to content

Login Problem need help

perezf

By perezf
in PHP Coding Help

 Share

Recommended Posts

perezf Advanced Member

perezf

Posted
Posted

I have this script that i have been writing to allow users to log into their account the only problem is once they click login it takes them back to the form to log in, meaning that it didnt work am i missing something here. can someone please help me? :-[

 

login form:

<html>
<head><title>Client Login</title></head>
<body>
<form action="client_login_process.php" method="POST">
	<label>Your Domain Name: </label><input type="text" name="txtDomainName"><br>
	<label>Your UserName: </label><input type="text" name="txtUserId"><br>
	<label>Your Password: </label><input type="text" name="txtPassword"><br>
	<label>Your PinCode: </label><input type="text" name="txtPin"><br>
	<input type="submit" value="Login to Your Account">
</form>
</body>
</html>

 

login script:

<?php
// we must never forget to start the session
session_start(); 
$errorMessage = '';
if (isset($_POST['txtDomainName']) && isset($_POST['txtUserId']) && isset($_POST['txtPassword']) && isset($_POST['txtPin'])) {

include('includes/db_connect.inc.php');

   $website_url = $_POST['txtDomainName'];
   $support_username = $_POST['txtUserId'];
   $support_password = $_POST['txtPassword'];
   $support_pin = $_POST['txtPin'];

   // check if the user id and password combination exist in database
   $sql = "SELECT website_url 
           FROM client_information
           WHERE website_url = '$website_url'
           		 AND support_username = '$support_username' 
                 AND support_password = PASSWORD('$support_password')
   				 AND support_pin = '$support_pin'";

   $result = mysql_query($sql) 
             or die('Query failed. ' . mysql_error()); 

   if (mysql_num_rows($result) == 1) {
      // the user id and password match, 
      // set the session
      $_SESSION['db_is_logged_in'] = true;

      // after login we move to the main page
      header('Location: support_main.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password / pin';
      header('Location: index.php');
   }

}
?>

Link to comment
https://forums.phpfreaks.com/topic/66749-login-problem-need-help/
Share on other sites
perezf Advanced Member

perezf

Posted
  • Author
Posted

Heres my SQL Table figured i would add it in

CREATE TABLE `client_information` (
  `client_id` int(11) NOT NULL auto_increment,
  `first_name` longtext NOT NULL,
  `last_name` longtext NOT NULL,
  `client_email` longtext NOT NULL,
  `phone_number` longtext NOT NULL,
  `cell_number` longtext NOT NULL,
  `business_number` longtext NOT NULL,
  `fax_number` longtext NOT NULL,
  `client_address` longtext NOT NULL,
  `company_name` longtext NOT NULL,
  `website_url` longtext NOT NULL,
  `support_username` longtext NOT NULL,
  `support_password` char(32) NOT NULL,
  `support_pin` int(4) NOT NULL,
  `ftp_username` longtext NOT NULL,
  `ftp_password` longtext NOT NULL,
  `ssh_username` longtext NOT NULL,
  `ssh_password` longtext NOT NULL,
  `cart_username` longtext NOT NULL,
  `cart_password` longtext NOT NULL,
  `hosting_plan` longtext NOT NULL,
  `maintenance_plan` longtext NOT NULL,
  PRIMARY KEY  (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

wildteen88 Regular Member

wildteen88

Posted
Posted

Change this block of code:

if (mysql_num_rows($result) == 1) {
      // the user id and password match, 
      // set the session
      $_SESSION['db_is_logged_in'] = true;

      // after login we move to the main page
      header('Location: support_main.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password / pin';
      header('Location: index.php');
   }

To the following to see what is happening:

    if (mysql_num_rows($result) == 1)
    {
        /*// the user id and password match,
        // set the session
        $_SESSION['db_is_logged_in'] = true;

        // after login we move to the main page
        header('Location: support_main.php');
        exit;*/

        echo 'Query return 1 result!';
    }
    else
    {
        /*$errorMessage = 'Sorry, wrong user id / password / pin';
        header('Location: index.php');*/

        echo 'Query did not return just 1 result. Query returned ' . mysql_num_rows($result) . ' results.<br />';
    }

I have commented out the existing code. What do you get now. The rest of the code looks fine, this includes the query too. I have a feeling that its to do with the if/else block at the end.

wildteen88 Regular Member

wildteen88

Posted
Posted

I didn't spot this earlier, but when use the MySQL PASSWORD function. This will generate a password hash the length of 41 characters. The way you have your database setup the the support_password field only holds 32 characters. So when you run your query MySQL is trying match a password like the following (passed in the query):

*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29

To this (stored in the database)

*94BDCEBE19083CE2A1F959FD02F964C

 

Obviously those two strings will never match. Try setting the support_password field to a char length of 41 instead of 32. If you change the length of the support_password field you'll have to reset all the password stored within that field too.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.