Jump to content

[SOLVED] Can't login using mysql_real_escape_string


AdRock

Recommended Posts

I have my login form which works perfectly if I don't try using mysql_real_escape_string

 

I have a function which is called on the login form to check the username etc and returns a true or false value which will either log the user in or denie access.

 

I have tried using this on the login form but it returns a false value even though i know the username and password are correct

 

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

$result = user_login($username, $password);

 

Here is the login form

 

<?php
// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
     // Show the form
     include 'login_form.inc.php';
}
else
{
     // Try and login with the given username & pass
     $result = user_login($_POST['username'], $_POST['password']);

     if ($result != 'Correct')
     {
          // Reshow the form with the error
          $login_error = $result;
          include 'login_form.inc.php';
     }
     else
     {
          echo 'Thank you for logging in, <a href="index.php">click here</a> to go back.';
     } 
}
?>

<?php if (isset($login_error)) { ?>
There was an error: <?php echo $login_error; ?>, please try again.
<?php } ?>
<form action="login.php" method="post">

<b>Username:</b> <input type="text" size="20" maxlength="20" name="username" 
<?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/><br />

<b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br />

<input type="submit" name="submit" value="Login" />
</form>

 

and here is the function that checks the username etc

 

function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $query = "select salt from user where username='$username' limit 1";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);

     // Using the salt, encrypt the given password to see if it 
     // matches the one in the database
     $encrypted_pass = md5(md5($password).$user['salt']);

     // Try and get the user using the username & encrypted pass
     $query = "select userid, username from user where username='$username' and password='$encrypted_pass'";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);
     $numrows = mysql_num_rows($result);

     // Now encrypt the data to be stored in the session
     $encrypted_id = md5($user['userid']);
     $encrypted_name = md5($user['username']);

     // Store the data in the session
     $_SESSION['userid'] = $userid;
     $_SESSION['username'] = $username;
     $_SESSION['encrypted_id'] = $encrypted_id;
     $_SESSION['encrypted_name'] = $encrypted_name;


    if ($numrows == 1)
    {
        return 'Correct';
    }
    else
    {
        return false;
    }
}

Let me expand on that.

 

function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $result = mysql_query("SELECT `username`, `userid` FROM `user` WHERE `username`='$username' and `password`='".md5($password)."'");

if(mysql_num_rows($result))
{
     // Store the data in the session
     $_SESSION['userid'] = $userid;
     $_SESSION['username'] = $username;
    return "Correct";
}
else
{
     return "Incorrect";
}
}

If i had validation that will only allow numbers and letters, will that stop SQL injection combined with a short maxlength on the input field.

 

If they  enter special characters it should return an error and also set the maxlength of the input field to something short

I have been testing my function to see when I escape what's in the text field, it won't log me in

 

I used this function and login page to see what was being set and it returned what i expected.  I saw the username, password, encrypted password and the salt in the database

<?php

// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
     // Show the form
     include 'login_form.inc.php';
}
else
{
     $username = $_POST['username'];
     $password = $_POST['password'];

     // Try and login with the given username & pass
     $result = test($username, $password);
}
?>

function test($username, $password) 
{
     // Try and get the salt from the database using the username
     $query = "select `salt` from `users` where `username`='$username' limit 1";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);

     // Using the salt, encrypt the given password to see if it 
     // matches the one in the database
     $encrypted_pass = md5(md5($password).$user['salt']);

     echo "1 ".$username."<br>";
     echo "2 ".$password."<br>";
     echo "3 ".$encrypted_pass."<br>";
     echo "4 ".$user['salt']."<br>";
}

 

When i used this login page it displayed no username, password or salt but displayed the encrypted password

<?php

// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
     // Show the form
     include 'login_form.inc.php';
}
else
{
     $username = mysql_real_escape_string($_POST['username']);
     $password = mysql_real_escape_string($_POST['password']);

     // Try and login with the given username & pass
     $result = test($username, $password);
}
?>

 

Any ideas why this is happening?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.