Jump to content

Recommended Posts

Hey there, I am making a simple login script, the only problem is that I only need the username to login, if I enter any password but the correct username I can still log in using that username without knowing the password.

Here is the script:

<?PHP

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = sha1($_POST['password']);


//set the database connection variables

$dbHost = "localhost";
$dbUser = "root";
$dbPass = "******";
$dbDatabase = "users";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$result=mysql_query("select * from main where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

  //start the session and register a variable

  session_start();
  session_register('username');

  //successful login code will go here...
  echo 'Success!';

  //we will redirect the user to another page where we will make sure they're logged in
  header( "Location: searchlogin.php" );

  }

  }
  else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }

  ?>


Thanks for any assistance.

Link to comment
https://forums.phpfreaks.com/topic/70203-solved-login-script/
Share on other sites

here... try this :-)

 

<?PHP
session_start();
$dbHost = "localhost";
$dbUser = "root";
$dbPass = "******";
$dbDatabase = "users";

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$user = addslashes($_POST['username']);
$pass = sha1($_POST['password']);
$result=mysql_query("select * from `main` where `username`='$user' AND `password`='$pass' LIMIT 1");

if(mysql_num_rows($result)==1){
$_SESSION[user]=mysql_fetch_assoc($query);
echo 'Success!';
header( "Location: searchlogin.php" );
}else {
echo 'Incorrect login name or password. Please try again.';
}
?>

Link to comment
https://forums.phpfreaks.com/topic/70203-solved-login-script/#findComment-352611
Share on other sites

Ok so I made a new database (ID, username, password) added a user to it, but now it just says that the password is incorrect...

Here is the coad now:

<?PHP
session_start();
$dbHost = "localhost";
$dbUser = "root";
$dbPass = "*******";
$dbDatabase = "users";

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$user = addslashes($_POST['username']);
$pass = sha1($_POST['password']);

$result=mysql_query("SELECT * FROM `simple` WHERE `username`='$user' AND `password`='$pass' LIMIT 1");

if(mysql_num_rows($result)==1){
$_SESSION[user]=mysql_fetch_assoc($query);
echo 'Success!';
header( "Location: searchlogin.php" );
}else {
echo 'Incorrect login name or password. Please try again.';
}
?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/70203-solved-login-script/#findComment-352627
Share on other sites

this should display some useful data,

 

<?PHP
session_start();
$dbHost = "localhost";
$dbUser = "root";
$dbPass = "*******";
$dbDatabase = "users";

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$user = addslashes($_POST['username']);
$pass = sha1($_POST['password']);
echo "User: $user<br>Pass: $pass<br>";

//removed for debugging
#$result=mysql_query("SELECT * FROM `simple` WHERE `username`='$user' AND `password`='$pass' LIMIT 1");
//debug
$result=mysql_query("SELECT * FROM `simple` WHERE `username`='$user'");
echo "<pre>";print_r($result);
die;

if(mysql_num_rows($result)==1){
$_SESSION[user]=mysql_fetch_assoc($query);
echo 'Success!';
header( "Location: searchlogin.php" );
}else {
echo 'Incorrect login name or password. Please try again.';
}
?>

 

also check both the database password and the encrypted the same way

Link to comment
https://forums.phpfreaks.com/topic/70203-solved-login-script/#findComment-352634
Share on other sites

Change this:

$result=mysql_query("SELECT * FROM `simple` WHERE `username`='$user'");
echo "<pre>";print_r($result);
die;

 

To this:

$result=mysql_query("SELECT * FROM `simple` WHERE `username`='$user'");
$row = mysql_fetch_assoc($result);
echo "<pre>";print_r($row);
die;

 

and try it again.

Link to comment
https://forums.phpfreaks.com/topic/70203-solved-login-script/#findComment-352647
Share on other sites

When I enter allyant and a password that is not correct the $username gets hashed but the database output stays the same, example:

username: allyant password: 1234:

User: allyant
Pass: 7110eda4d09e062aa5e4a390b0a572ac0d2c0220

Array
(
    [id] => 1
    [username] => allyant
    [password] => 206c80413b9a96c1312cc346b7d2517b84463edd
)

 

When I change the username to aa and the password to aaa I get:

User: aa
Pass: 7e240de74fb1ed08fa08d38063f6a6a91462a815

 

(note that I only currently have one field on the database:

Username: allyant

Password: 206c80413b9a96c1312cc346b7d2517b84463edd

)

 

Link to comment
https://forums.phpfreaks.com/topic/70203-solved-login-script/#findComment-352655
Share on other sites

Ok, finily got it working :D

I have no idea what was wrong with it. Here was my final code:

<?PHP
$dbHost = "localhost";
$dbUser = "root";
$dbPass = "******";
$dbDatabase = "users";

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$user = addslashes($_POST['username']);
$pass = sha1($_POST['password']);
$result = mysql_query("SELECT * FROM `simple` WHERE `username` = '{$user}' AND `password`='{$pass}'");

if(mysql_num_rows($result)==1){
  session_start();
  session_register('username');

  //successful login code will go here...
  echo 'Success!';
}else {
echo 'Incorrect login name or password. Please try again.';
}
?>

Link to comment
https://forums.phpfreaks.com/topic/70203-solved-login-script/#findComment-352696
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.