Jump to content

[SOLVED] Can't login using mysql_real_escape_string

AdRock

By AdRock
in PHP Coding Help

Recommended Posts

AdRock Advanced Member

AdRock

Posted
Posted

I have my login form which works perfectly if I don't try using mysql_real_escape_string

 

I have a function which is called on the login form to check the username etc and returns a true or false value which will either log the user in or denie access.

 

I have tried using this on the login form but it returns a false value even though i know the username and password are correct

 

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

$result = user_login($username, $password);

 

Here is the login form

 

<?php
// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
     // Show the form
     include 'login_form.inc.php';
}
else
{
     // Try and login with the given username & pass
     $result = user_login($_POST['username'], $_POST['password']);

     if ($result != 'Correct')
     {
          // Reshow the form with the error
          $login_error = $result;
          include 'login_form.inc.php';
     }
     else
     {
          echo 'Thank you for logging in, <a href="index.php">click here</a> to go back.';
     } 
}
?>

<?php if (isset($login_error)) { ?>
There was an error: <?php echo $login_error; ?>, please try again.
<?php } ?>
<form action="login.php" method="post">

<b>Username:</b> <input type="text" size="20" maxlength="20" name="username" 
<?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/><br />

<b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br />

<input type="submit" name="submit" value="Login" />
</form>

 

and here is the function that checks the username etc

 

function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $query = "select salt from user where username='$username' limit 1";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);

     // Using the salt, encrypt the given password to see if it 
     // matches the one in the database
     $encrypted_pass = md5(md5($password).$user['salt']);

     // Try and get the user using the username & encrypted pass
     $query = "select userid, username from user where username='$username' and password='$encrypted_pass'";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);
     $numrows = mysql_num_rows($result);

     // Now encrypt the data to be stored in the session
     $encrypted_id = md5($user['userid']);
     $encrypted_name = md5($user['username']);

     // Store the data in the session
     $_SESSION['userid'] = $userid;
     $_SESSION['username'] = $username;
     $_SESSION['encrypted_id'] = $encrypted_id;
     $_SESSION['encrypted_name'] = $encrypted_name;


    if ($numrows == 1)
    {
        return 'Correct';
    }
    else
    {
        return false;
    }
}

xyn Advanced Member

xyn

Posted
Posted

Let me expand on that.

 

function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $result = mysql_query("SELECT `username`, `userid` FROM `user` WHERE `username`='$username' and `password`='".md5($password)."'");

if(mysql_num_rows($result))
{
     // Store the data in the session
     $_SESSION['userid'] = $userid;
     $_SESSION['username'] = $username;
    return "Correct";
}
else
{
     return "Incorrect";
}
}

AdRock Advanced Member

AdRock

Posted
  • Author
Posted

If i had validation that will only allow numbers and letters, will that stop SQL injection combined with a short maxlength on the input field.

 

If they  enter special characters it should return an error and also set the maxlength of the input field to something short

AdRock Advanced Member

AdRock

Posted
  • Author
Posted

I have been testing my function to see when I escape what's in the text field, it won't log me in

 

I used this function and login page to see what was being set and it returned what i expected.  I saw the username, password, encrypted password and the salt in the database

<?php

// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
     // Show the form
     include 'login_form.inc.php';
}
else
{
     $username = $_POST['username'];
     $password = $_POST['password'];

     // Try and login with the given username & pass
     $result = test($username, $password);
}
?>

function test($username, $password) 
{
     // Try and get the salt from the database using the username
     $query = "select `salt` from `users` where `username`='$username' limit 1";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);

     // Using the salt, encrypt the given password to see if it 
     // matches the one in the database
     $encrypted_pass = md5(md5($password).$user['salt']);

     echo "1 ".$username."<br>";
     echo "2 ".$password."<br>";
     echo "3 ".$encrypted_pass."<br>";
     echo "4 ".$user['salt']."<br>";
}

 

When i used this login page it displayed no username, password or salt but displayed the encrypted password

<?php

// Include init file
include 'init.php';

if (!isset($_POST['submit']))
{
     // Show the form
     include 'login_form.inc.php';
}
else
{
     $username = mysql_real_escape_string($_POST['username']);
     $password = mysql_real_escape_string($_POST['password']);

     // Try and login with the given username & pass
     $result = test($username, $password);
}
?>

 

Any ideas why this is happening?

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.