PHP code - login help

[caedas]

I am customizing a PHP program for our website than someone else designed. After a lot of tinkering, I managed to get the majority of it working (to the best of my knowledge at least lol), but not one single person can login to the server.

 

I am not 100% sure on how our friends set it up (who made the code), but from talking with someone who understood a little, there was no need to create an account, because it used the forum accounts. Below is some of the code (some renamed for posting purposes), as well as the database build. I bolded/underlined parts I suspect:

 

$char_name = $_POST["memberName"];

 

$password  = $_POST["pass"];

 

 

 

if (strlen($char_name) == 0 || !isAlphaNumeric($char_name))

 

{

 

httpRedirect("login.php?error=" . urlencode("Username must be only characters"));

 

}

 

 

 

if (strlen($password) == 0 || !isAlphaNumeric($password))

 

{

 

httpRedirect("login.php?error=" . urlencode("Invalid password"));

 

}

 

$authQuery = "SELECT memberName, pass, passwordSalt FROM forum_user_table WHERE LOWER(username)='" . strtolower($char_name) . "'";

 

$connect = mysql_connect("server", "username", "password") or die("Cannot connect.");

 

mysql_select_db("forum_database") or die("Cannot access DB.");

 

$sth = mysql_query($authQuery, $connect) or die("Error in query, unable to retrieve password.");

 

mysql_close($connect);

 

 

if (mysql_num_rows($sth) == 0) httpRedirect("login.php?error=" . urlencode("Invalid username or password"));

 

 

 

$row = mysql_fetch_assoc($sth);

 

if (md5(md5($password). $row["passwordSalt"]) != $row["passwd"]) httpRedirect("login.php?error=" . urlencode("Invalid username or password"));

 

The error we get is: "Error: Username must be characters only". This is the database for our SMF forums...a different database than we use for the main part of the program, but just incase there is something in it that is causing the problem, here is the SQL lines for its construction:

 

 

 

-- Table "forum_database" DDL

 

CREATE TABLE `forum_database` (

  `ID_MEMBER` mediumint( unsigned NOT NULL auto_increment,

  `memberName` varchar(80) NOT NULL default '',

  `dateRegistered` int(10) unsigned NOT NULL default '0',

  `posts` mediumint( unsigned NOT NULL default '0',

  `ID_GROUP` smallint(5) unsigned NOT NULL default '0',

  `lngfile` tinytext NOT NULL,

  `lastLogin` int(10) unsigned NOT NULL default '0',

  `passwordSalt` varchar(5) NOT NULL default '',

  - lots of other user info that isn't in the code...

 

  PRIMARY KEY  (`ID_MEMBER`),

  KEY `memberName` (`memberName`(30)),

  KEY `dateRegistered` (`dateRegistered`),

  KEY `ID_GROUP` (`ID_GROUP`),

  KEY `birthdate` (`birthdate`),

  KEY `posts` (`posts`),

  KEY `lastLogin` (`lastLogin`),

  KEY `lngfile` (`lngfile`(30)),

  KEY `ID_POST_GROUP` (`ID_POST_GROUP`)

) ENGINE=MyISAM AUTO_INCREMENT=6 DEFAULT CHARSET=latin1;

 

 

If anyone can help me out, I would greatly appreciate it. Also, if more info is needed than would be able to be posted, please feel free to PM me.

 

Thank you all very much!

[jeet_0077]

Well after seeing the code

if (strlen($char_name) == 0 || !isAlphaNumeric($char_name))[/u]

 

{

 

httpRedirect("login.php?error=" . urlencode("Username must be only characters"));[/u]

 

}

 

This part is validating if the entered login id is alpha numeric or not. It may happen that there is some special character in the login which is creating the problem.

 

Can u please post the entire login script and the db structure for that table so that I can have a better idea why this is happening.