Jump to content

[SOLVED] in this login script, why i always get "Incorrect password"


Recommended Posts

Hi friends,

I'm new to php, searched "php login page" on google and get this script as the first link. So I think the script has no problem. But when I run it on my localhost, I always got Incorrect password message. It recognize the usernames, but not passwords. What might be my problem? I also have several questions put in the script marked with  (????  ????).

Thanks in advance.

 

followed is the script:

 

<?php

// Connects to your Database

mysql_connect("localhost", "root", "") or die(mysql_error());

mysql_select_db("login") or die(mysql_error());

 

//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))

 

//if there is, it logs you in and directes you to the members page

{

$username = $_COOKIE['ID_my_site'];

$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

 

 

while($info = mysql_fetch_array( $check ))

{

if ($pass != $info['password'])

{

}

else

{

header("Location: members.php");

 

}

}

}

 

//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted

 

// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {

die('You did not fill in a required field.');

}

// checks it against the database

 

 

if (!get_magic_quotes_gpc()) {

$_POST['email'] = addslashes($_POST['email']);

}

 

(??????????????????? What is the 'email' referring to? i have no email in the database ?????????????????)

 

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

 

 

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);

if ($check2 == 0) {

die('That user does not exist in our database.

<a href=add.php>Click Here to Register</a>');

}

 

(??????????????user name check don't have problem.

Can password be checked in this way?????????????????)

 

while($info = mysql_fetch_array( $check ))

 

{

$_POST['pass'] = stripslashes($_POST['pass']);

$info['password'] = stripslashes($info['password']);

$_POST['pass'] = md5($_POST['pass']);

 

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {

die('Incorrect password, please try again.');

}

 

(??????????????????????

I always get this message. what might be the problem?

The password i put in login page somehow doesnt match the database. (whether the password is encrypted or not in the database)

1. Can I add an echo here to let the screen show what I get from $_POST['pass'] and $info['password]' ?

2. Why the process of checking password looks so different than checking the username, can they be check together in the same way?

??????????????????????)

 

else

{

 

// if login is ok then we add a cookie

$_POST['username'] = stripslashes($_POST['username']);

$hour = time() + 3600;

setcookie(ID_my_site, $_POST['username'], $hour);

setcookie(Key_my_site, $_POST['pass'], $hour);

 

//then redirect them to the members area

header("Location: members.php");

}

}

}

else

{

 

// if they are not logged in

?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<table border="0">

<tr><td colspan=2><h1>Login</h1></td></tr>

<tr><td>Username:</td><td>

<input type="text" name="username" maxlength="40">

</td></tr>

<tr><td>Password:</td><td>

<input type="password" name="pass" maxlength="50">

</td></tr>

<tr><td colspan="2" align="right">

<input type="submit" name="submit" value="Login">

</td></tr>

</table>

</form>

<?php

}

 

?>

those are some stupid thigns to put in cookies.  Never store anything in a cookie you don't need.  You will should have a last login date/time and a userId of that user, nothing more really for the cookies as it could be a security threat.

I just figured out the reason:

 

When I set up the table in MySQL, I set the length of password at 30. (although I have never seen a password that long!) But when a password such as "1111" is md5 encrypted, it become 32 characters long, and was trunked into 30 in the database, which couldn't match the "1111" entered in the login form.  So it always give out a 'Incorrect password, please try again.'

 

 

 

 

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.