jimlawrnc Posted November 2, 2007 Share Posted November 2, 2007 Hello all: I'm very new to php and usually grab what I need from the web and make it work. This time i'm stuck I followed a tutorial to create a authentication page that queries a db for username & password. i manually added myself to the table. any examples of a php script to add a user and passwd to a table? So on with the code.. index.php <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Member Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <form name="login-form" id="login-form" method="post" action="manage-check.php"> <fieldset> <legend>Member Login</legend> <dl> <dt><label title="Username">Username: <input tabindex="1" accesskey="u" name="username" type="text" maxlength="100" id="username" /></label></dt> </dl> <dl> <dt><label title="Password">Password: <input tabindex="2" accesskey="p" name="password" type="password" maxlength="14" id="password" /></label></dt> </dl> <dl> <dt><label title="Submit"><input tabindex="3" accesskey="l" type="submit" name="submit" value="Login" /></label></dt> </dl> </fieldset> </form> </body> </html> manage-check.php <?php session_start(); include('db.php'); if(isset($_POST['submit'])) : // Username and password sent from signup form // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash $username = strip_tags($_POST['username']); $password = sha1(strip_tags($_POST['password'])); // Make the query a wee-bit safer $query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password)); $result = mysql_query($query); if(1 != mysql_num_rows($result)) : // MySQL returned zero rows (or there's something wrong with the query) header('Location: index.php?msg=login_failed'); else : // We found the row that we were looking for $row = mysql_fetch_assoc($result); // Register the user ID for further use $_SESSION['member_ID'] = $row['ID']; header('Location: members-only.php'); endif; endif; ?> functions.php <?php function user_info($field='') { // If $field is empty if(empty($field)) return false; // Check to see if we're allowed to query the requested field. // If we add other fields, such as name, e-mail etc, this array // will have to be extended to include those fields. $accepted = array('username', 'user_password'); if(!in_array($field, $accepted)) return false; // Poll the database $result = mysql_query("SELECT ". $field ." FROM members WHERE ID = ". $_SESSION['member_ID'] .";"); // If we don't find any rows if(1 != mysql_num_rows($result)) : return false; else : // We found the row that we were looking for $row = mysql_fetch_assoc($result); // Return the field return $row[$field]; endif; } // end user_info // To print the user name print user_info('username'); ?> the db is mysql db.php <?php define('SQL_USER', 'username'); define('SQL_PASS', 'passwd'); define('SQL_DB', 'database'); // Create a link to the database server $link = mysql_connect('localhost', SQL_USER, SQL_PASS); if(!$link) : die('Could not connect: ' . mysql_error()); endif; // Select a database where our member tables are stored $db = mysql_select_db(SQL_DB, $link); if(!$db) : die ('Can\'t connect to database : ' . mysql_error()); endif; ?> I tried just browsing db.php and there was no error printed on the screen. so i have to believe the issue is not there. Link to comment https://forums.phpfreaks.com/topic/75726-solved-msgauth_failed/ Share on other sites More sharing options...
jimlawrnc Posted November 2, 2007 Author Share Posted November 2, 2007 I figured it out the password field in the database needs to be encrypted with sha1 Link to comment https://forums.phpfreaks.com/topic/75726-solved-msgauth_failed/#findComment-383230 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.