Password Confirmation HELP

Tenaciousmug
Forum Newbie
Posts: 3
Joined: Wed Jun 16, 2010 8:25 pm

Password Confirmation HELP

Post by Tenaciousmug »

Ok this is my whole code to the login/registration. I have finally got the real_escape_string's to work finally, but I have a username, Dyl, in the database with the password assigned to it. Well every time I log in with it, it is saying "Dyl is an existing username, but the password is not correct" when it is.. So obviously there is a simple error SOMEWHERE. And I just can't find it. Hopefully someone can help me with this.

Code:

<?php
session_start();
switch (@$_POST['Button'])
{
	case "Log in":
	include("haha.php");
	$cxn = mysqli_connect($host,$user,$password,$database);
	$fusername = $cxn->real_escape_string($_POST['fusername']);
	$sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername'";
	$result = mysqli_query($cxn,$sql) or die("Query died: fusername");
	$num = mysqli_num_rows($result);
	if($num > 0)
	//username was found
	{
		$fpassword = $cxn->real_escape_string($_POST['fpassword']);
		$sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername' AND `password`=md5('$fpassword')";
		$result2 = mysqli_query($cxn,$sql) or die("Query died: fpassword");
		$num = mysqli_num_rows($result2);
		if($num > 0) //password matches
		{
			$_SESSION['auth']="yes";
			$_SESSION['username'] = $fusername;
			$sql = "INSERT INTO Login (username,loginTime) VALUES ('$fusername',NOW())";
			$result = mysqli_query($cxn,$sql) or die("Query died: insert");
			header("Location: testing.php");
		}
		else
		{
			$message_1="The username, '$fusername' exists. However you have not entered the correct password! Please try again.";
			$fusername=strip_tags(trim($fusername));
			include("login_form2.php");
		}
	}
	else // username was not found
	{
		$message_1 = "The username you entered does not exist! Please try again.";
		include("login_form2.php");
	}
	break;

	case "Register":
	/* Check for blanks */
	foreach($_POST as $field => $value)
	{
		if(empty($value))
		{
			$blanks[] = $field;
		}
		else
		{
			$good_data[$field] = strip_tags(trim($value));
		}
	}
	if(isset($blanks))
	{
		$message_2 = "The following fields are blank. Please enter the required information: ";
		foreach($blanks as $value)
		{
		$message_2 .="$value, ";
		}
		extract($good_data);
		include("login_form2.php");
		exit();
	}
	/* validate data */
	foreach($_POST as $field => $value)
	{
		if(!empty($value))
		{
			if(preg_match("/name/i",$field) and !preg_match("/user/i",$field) and !preg_match("/log/i",$field))
			{
				if(!preg_match("/^[A-Za-z' -]{1,15}$/",$value))
				{
					$errors[] = "$value is not a valid name. ";
				}
			}
			if(preg_match("/email/i",$field))
			{
				if(!preg_match("/^.+@.+\\..+$/",$value))
				{
					$errors[]="$value is not a valid email address.";
				}
			}
		} // end if not empty
	}
	foreach($_POST as $field => $value)
	{
		$$field = strip_tags(trim($value));
	}
	if(@is_array($errors))
	{
		$message_2 = "";
		foreach($errors as $value)
		{
			$message_2 .= $value." Please try again";
		}
		include("login_form2.php");
		exit();
	} //end if errors are found

	/* check to see if username already exists */
	include("haha.php");
	$cxn = mysqli_connect($host,$user,$password,$database) or die("Couldn't connect to server");
	$username = $cxn->real_escape_string($username);
	$sql = "SELECT `username` FROM `Member` WHERE `username`='$username'";
	$result = mysqli_query($cxn,$sql) or die("Query died: username.");
	$num = mysqli_num_rows($result);
	if($num > 0)
	{
		$message_2 = "$username already exists. Select another username.";
		include("login_form2.php");
		exit();
	} // end if username already exists
	else // add new member to database
	{
		$sql = "INSERT INTO Member (username,createDate,password,firstName,email) VALUES ('$username',NOW(),md5('$password'),'$firstName','$email')";
		mysqli_query($cxn,$sql);
		$_SESSION['auth']="yes";
		$_SESSION['username'] = $username;
		header("Location: testing.php");
	}
	break;

	default:
	include("login_form2.php");
}
?>
PHPHorizons
Forum Contributor
Posts: 175
Joined: Mon Sep 14, 2009 11:38 pm

Re: Password Confirmation HELP

Post by PHPHorizons »

Hello Tenaciousmug,

I don't see anything right off the bat. Have you tried to do something like echoing out the md5 hash of your password and comparing that to what is stored in the db? Doing that will tell us right away if the problem is on the registration or login side of things.

You can make a script and hard-code your password so that you can see what it hashes to:

Code:

<?php
echo md5('my_password');

Cheers
Tenaciousmug
Forum Newbie
Posts: 3
Joined: Wed Jun 16, 2010 8:25 pm

Re: Password Confirmation HELP

Post by Tenaciousmug »

Umm... I'm REALLY confused on what you are saying, but I hope whatever you're saying works. But I don't really know where to begin since I don't really understand what you're saying.
But thank you for being so nice. I really do appreciate that. I have people helping me that are VERY rude..
PHPHorizons
Forum Contributor
Posts: 175
Joined: Mon Sep 14, 2009 11:38 pm

Re: Password Confirmation HELP

Post by PHPHorizons »

Make a new PHP script with the following code:

Code:

<?php
echo md5('my_password');

Replace 'my_password' with your actual password.

Run the script.

See the result of the script. You will see a 32 character length string appear on the page. Copy that result and paste it into an empty text file.

Open up your database using phpMyAdmin or whatever program you use to view your database with.

Run the following query: SELECT `password` FROM `Member`

You may get multiple results. Compare the 32 character length string you copied in the text file to the results from that query. See if you find any matches.

Cheers
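
An added example, not part of any post in this thread: the hash comparison described in the last reply, written as a function that also reports why the values differ, followed by registration and login that use password_hash()/password_verify() with prepared statements instead of md5(). In-memory SQLite via PDO stands in for the thread's MySQL/mysqli so the script runs without a server; the function names and sample values are constructed. It assumes that haha.php sets $password (it is passed to mysqli_connect()) and is included after the $$field loop, which would make the md5('$password') in the INSERT hash the database password rather than the form value.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Member (username TEXT PRIMARY KEY, password TEXT)');

// The check from the reply: compare md5() of the typed password with the
// stored value, and say why they differ when they do.
function diagnose_md5(string $typed, string $stored): string
{
    $expected = md5($typed);
    if (hash_equals($expected, $stored)) {
        return 'match';
    }
    if ($stored !== '' && strlen($stored) < 32 && strpos($expected, $stored) === 0) {
        return 'stored hash is truncated (column too short)';
    }
    return 'a different value was hashed at registration';
}

// Registration and login without md5(): the form value travels as a function
// argument, so a variable set by an included config file cannot replace it.
function register(PDO $db, string $username, string $formPassword): void
{
    $stmt = $db->prepare('INSERT INTO Member (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($formPassword, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $username, string $formPassword): bool
{
    $stmt = $db->prepare('SELECT password FROM Member WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when the username does not exist
    return is_string($hash) && password_verify($formPassword, $hash);
}

// Constructed sample values.
$dbPassword = 'db-secret';     // assumed: what haha.php assigns to $password
$typed      = 'my_password';   // what the user typed on the form

echo diagnose_md5($typed, md5($typed)), "\n";
echo diagnose_md5($typed, md5($dbPassword)), "\n";
echo diagnose_md5($typed, substr(md5($typed), 0, 20)), "\n";

register($db, 'Dyl', $typed);
var_dump(login($db, 'Dyl', $typed));
var_dump(login($db, 'Dyl', 'wrong guess'));
```

With MySQL, the `password` column must be wide enough to hold the whole password_hash() output; the PHP manual recommends 255 characters.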