nyzach Posted January 15, 2008

Hi friends, I'm new to PHP. I searched "php login page" on Google and got this script as the first link, so I think the script has no problem. But when I run it on my localhost, I always get the "Incorrect password" message. It recognizes the usernames, but not the passwords. What might be my problem? I also have several questions put in the script, marked with (???? ????). Thanks in advance. The script follows:

```php
<?php
// Connects to your Database
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("login") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directs you to the members page
{
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check ))
    {
        if ($pass != $info['password'])
        {
        }
        else
        {
            header("Location: members.php");
        }
    }
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

    // makes sure they filled it in
    if(!$_POST['username'] || !$_POST['pass']) {
        die('You did not fill in a required field.');
    }

    // checks it against the database
    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }
    // (???? What is the 'email' referring to? I have no email in the database ????)

    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

    //Gives error if user doesn't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
    }
    // (???? The user name check doesn't have a problem. Can the password be checked in this way? ????)

    while($info = mysql_fetch_array( $check ))
    {
        $_POST['pass'] = stripslashes($_POST['pass']);
        $info['password'] = stripslashes($info['password']);
        $_POST['pass'] = md5($_POST['pass']);

        //gives error if the password is wrong
        if ($_POST['pass'] != $info['password']) {
            die('Incorrect password, please try again.');
        }
        /* (???? I always get this message. What might be the problem?
           The password I put in the login page somehow doesn't match the database
           (whether the password is encrypted or not in the database).
           1. Can I add an echo here to let the screen show what I get from
              $_POST['pass'] and $info['password']?
           2. Why does the process of checking the password look so different from
              checking the username? Can they be checked together in the same way?
           ????) */
        else
        {
            // if login is ok then we add a cookie
            $_POST['username'] = stripslashes($_POST['username']);
            $hour = time() + 3600;
            setcookie('ID_my_site', $_POST['username'], $hour);
            setcookie('Key_my_site', $_POST['pass'], $hour);

            //then redirect them to the members area
            header("Location: members.php");
        }
    }
}
else
{
    // if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
```

trq Posted January 15, 2008

Can you please use tags so we can decipher your code and your questions?

papaface Posted January 15, 2008

Try removing the stripslashes() and make sure that (if it is md5 in your db) you are checking it against an md5 string.

cooldude832 Posted January 15, 2008

Those are some stupid things to put in cookies. Never store anything in a cookie you don't need. You should have a last login date/time and a userId of that user, nothing more really for the cookies, as it could be a security threat.
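
The cookie concern above, shown as an added example that is not code from the thread: login state is kept in a server-side PHP session, so the browser holds only a random session ID instead of the username and password hash that the script puts in `ID_my_site` and `Key_my_site`. The helper names and the user id 7 are hypothetical, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example (not from the thread). Helper names are hypothetical.

function startSecureSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function loginUser(int $userId): void
{
    // Issue a fresh session ID once the password has been verified, so an
    // ID that existed before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['last_login'] = time();
}

function logoutUser(): void
{
    $_SESSION = [];
    session_destroy();
}

function currentUserId(): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_login'])) {
        return null;
    }
    // Same one-hour lifetime the script gave its cookies.
    if (time() - $_SESSION['last_login'] > 3600) {
        logoutUser();
        return null;
    }
    return $_SESSION['user_id'];
}

// Used in place of the script's two setcookie() calls (user id 7 is constructed).
startSecureSession();
loginUser(7);
echo currentUserId() === 7 ? "logged in\n" : "not logged in\n";
```

members.php would then call `startSecureSession()` and `currentUserId()` rather than comparing a cookie value with the `password` column.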

nyzach (Author) Posted January 18, 2008

I just figured out the reason: when I set up the table in MySQL, I set the length of the password at 30 (although I have never seen a password that long!). But when a password such as "1111" is md5 encrypted, it becomes 32 characters long, and was truncated to 30 in the database, which couldn't match the "1111" entered in the login form. So it always gives out 'Incorrect password, please try again.'
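
The truncation described above can be reproduced without a database. This is an added example, not code from the thread: `storeInColumn()` is a hypothetical helper that mimics a `VARCHAR(n)` column on a MySQL server running without strict SQL mode, and the second half uses PHP's built-in `password_hash()` and `password_verify()` (PHP 5.5 or later) in place of the script's `md5()`.

```php
<?php
// Added example (not from the thread). storeInColumn() is a hypothetical
// stand-in for a VARCHAR($width) column on a MySQL server without strict
// SQL mode, which cuts over-long values and raises only a warning.
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Reports whether a hash comes back unchanged from a column of $width.
function hashSurvives(string $hash, int $width): bool
{
    return hash_equals($hash, storeInColumn($hash, $width));
}

$password = '1111';   // constructed sample input, as in the post

// 1. The situation in the thread: a 32-character md5 hex digest stored in a
//    30-character column never equals the digest computed at login.
$digest = md5($password);
printf("md5 length %d, survives width 30: %s, width 32: %s\n",
    strlen($digest),
    var_export(hashSurvives($digest, 30), true),
    var_export(hashSurvives($digest, 32), true));

// 2. The same check for password_hash(): bcrypt output is 60 characters and
//    PASSWORD_DEFAULT may grow, so the PHP manual suggests a 255-wide column.
$hash = password_hash($password, PASSWORD_DEFAULT);
foreach ([30, 60, 255] as $width) {
    $stored = storeInColumn($hash, $width);
    printf("width %3d: stored %2d chars, login %s\n",
        $width,
        strlen($stored),
        password_verify($password, $stored) ? 'succeeds' : 'fails');
}

// 3. A wrong password must still fail when the column is wide enough.
var_dump(password_verify('2222', storeInColumn($hash, 255)));
```

With strict SQL mode enabled (the default since MySQL 5.7), the over-long INSERT is rejected with a "Data too long for column" error instead of being cut silently, which surfaces the problem at registration time rather than at login.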