Page 1 of 1

PHP Login Script is not Working

Posted: Sat Sep 25, 2010 4:36 am
by selvaganesh87
Am learning PHP, I have been trying for this login form for past four days, but i cant find the result and also cant find the bug in my query can any body here help me to find the error in my query. I will much thankful for them

This is the MYSQL Query i used

mysql> select * from users where password=password('god');
+--------+-------+-------------------------------------------+
| userID | name | password |
+--------+-------+-------------------------------------------+
| 1 | selva | *895DC6A9BBBCFCDB8B7FDB51FA0383A59F38C60E |
+--------+-------+-------------------------------------------+
1 row in set (0.00 sec)

mysql> desc users;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userID | int(11) | | PRI | NULL | auto_increment |
| name | varchar(20) | | | | |
| password | varchar(50) | | | | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)

This is the PHP code i used to develop Login Form

<? session_start() ?>
<html>
<head>
<title>Log In Form</title>
</head>
<body>
<?
if($user && $pass) {
if($logged_in_user == $user) {
echo "Your Already Logged In";
echo $user. ", your already logged in";
exit;
}
$db = mysql_connect("localhost")or die("Cannot Connect");
mysql_select_db("userlist", $db)or die("Cannot Select Database");
$user = $_POST['user'];
$pass = $_POST['pass'];
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$user = stripslashes($user);
$pass = stripslashes($pass);
$query = "select * form users where name='$user'AND password=PASSWORD('$pass')";
//$query = "select * form users where name like '%$user%' ";
$result = mysql_query($query);
if(!$result) {
echo "error" .mysql_error();
exit;
}
if(mysql_num_rows($result) == 1) {
$logged_in_user = $user;
session_register("logged_in_user");
//echo $user.;
echo "Welcome" .$logged_in_user;
exit;
}
else {
echo "Invalid User Please try again";
}
}
else if($name || $pass)
{
echo "Please Enter Both The Field" ;
}
?>
<form action="Login.php" method="POST">
<H2>Enter Login Details</H2>
User Name:
<input type=text name="user"><BR><BR>
Password :
<input type=password name="pass"><BR><BR>
<input type=submit value="Login"><BR>
</form>
</body>
</html>

Re: PHP Login Script is not Working

Posted: Sun Sep 26, 2010 2:47 am
by JakeJ
The password is obviously encrypted but nothing in your script is decrypting the password before matching it with what the user entered. Or more correctly, you're not encrypting the user input to see if it matches the encrypted password stored in the file.

Give that a shot and then see what happens.

Re: PHP Login Script is not Working

Posted: Sun Sep 26, 2010 9:00 pm
by Jonah Bron
password=password('god');
Looks like he's using the SQL password function.