[SOLVED] msg=auth_failed

[jimlawrnc]

Hello all:

 

I'm very new to php  and usually grab what I need from the web and make it work.  This time i'm stuck I followed a tutorial to create a authentication page  that queries a db for username & password.  i manually added myself to the table.  any examples of a php script to add a user and passwd to a table?  So on with the code..

 

index.php

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Member Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<form name="login-form" id="login-form" method="post" action="manage-check.php">
<fieldset>
	<legend>Member Login</legend>
	<dl>
		<dt><label title="Username">Username: <input tabindex="1" accesskey="u" name="username" type="text" maxlength="100" id="username" /></label></dt>
	</dl>
	<dl>
		<dt><label title="Password">Password: <input tabindex="2" accesskey="p" name="password" type="password" maxlength="14" id="password" /></label></dt>
	</dl>
	<dl>
		<dt><label title="Submit"><input tabindex="3" accesskey="l" type="submit" name="submit" value="Login" /></label></dt>
	</dl>
</fieldset>
</form>

</body>
</html>

 

manage-check.php

<?php
session_start();
include('db.php');

if(isset($_POST['submit'])) :
// Username and password sent from signup form
// First we remove all HTML-tags and PHP-tags, then we create a sha1-hash
$username = strip_tags($_POST['username']);
$password = sha1(strip_tags($_POST['password']));

// Make the query a wee-bit safer
$query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));

$result = mysql_query($query);
if(1 != mysql_num_rows($result)) :
	// MySQL returned zero rows (or there's something wrong with the query)
	header('Location: index.php?msg=login_failed');
else :
	// We found the row that we were looking for
	$row = mysql_fetch_assoc($result);

	// Register the user ID for further use
	$_SESSION['member_ID'] = $row['ID'];
	header('Location: members-only.php');
endif;
endif;
?>

 

functions.php

 

<?php
function user_info($field='') {

// If $field is empty
if(empty($field))

	return false;

// Check to see if we're allowed to query the requested field.
// If we add other fields, such as name, e-mail etc, this array
// will have to be extended to include those fields.
$accepted = array('username', 'user_password');
if(!in_array($field, $accepted)) 
	return false;

// Poll the database
$result = mysql_query("SELECT ". $field ." FROM members WHERE ID = ". $_SESSION['member_ID'] .";");
// If we don't find any rows
if(1 != mysql_num_rows($result)) :
	return false;
else :
	// We found the row that we were looking for
	$row = mysql_fetch_assoc($result);
	// Return the field
	return $row[$field];
endif;

} // end user_info

// To print the user name
print user_info('username');


?>

 

the db is mysql 

 

db.php

 

<?php
define('SQL_USER', 'username');
define('SQL_PASS', 'passwd');
define('SQL_DB',   'database');

// Create a link to the database server
$link = mysql_connect('localhost', SQL_USER, SQL_PASS);
if(!$link) :
die('Could not connect: ' . mysql_error());
endif;

// Select a database where our member tables are stored
$db = mysql_select_db(SQL_DB, $link);
if(!$db) :
die ('Can\'t connect to database : ' . mysql_error());
endif;
?>

 

I tried just browsing db.php  and there was no error printed on the screen. so i have to believe the issue is not there. 

[jimlawrnc]

I figured it out  the password field in the database needs to be encrypted with sha1