Page 1 of 1

Need help with my php code please

Posted: Sat Jul 23, 2011 10:11 am
by chris707
Hi im having trouble getting this code working correctly. It says
You could not be logged in! Either the username and password do not match or you have not validated your membership!
Please try again!

It shouldnt say this as i'm entering the correct members username and password. Please someone help me im really stuck

Code: Select all

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body>
<br>
<?php include 'db.php'; // Conver to simple variables
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if((!$username) || (!$password)){
echo "Please enter ALL of the information! <br>
";
include 'login_form.html';
exit();
}
//Convert password to md5 hash
$password = md5($password);
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND
password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$key = stripslashes( $val );
}
// Register some session variables!
/*session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('referred_by');
$_SESSION['referred_by'] = $referred_by;
session_register('referral_code');
$_SESSION['referral_code'] = $referral_code;
session_register('partypoker_username');
$_SESSION['partypoker_username'] = $partypoker_username;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
mysql_query("UPDATE users SET last_login=now() WHERE
userid='$userid'");
header("Location: login_success.php");*/
}
} else {
echo "You could not be logged in! Either the username and password do
not match or you have not validated your membership!<br>
Please try again!<br>
";
include 'login_form.html';
}
?>
</body>
</html>

Re: Need help with my php code please

Posted: Sat Jul 23, 2011 1:09 pm
by phazorRise
it seems like query is not returning any valid result so it's jumping into else block. try-

Code: Select all

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND
WHERE password='$password' AND WHERE activated='1'");

Re: Need help with my php code please

Posted: Sat Jul 23, 2011 2:30 pm
by califdon
Are you sure that the user you are trying has been activated? Have you looked at the record for that user and does the 'activated' field contain a "1"? Then, is the 'activated' field an Integer or a VarChar type? If it is VarChar, do as phazorRise suggests.

Re: Need help with my php code please

Posted: Sat Jul 23, 2011 8:50 pm
by McInfo
phazorRise wrote:try-

Code: Select all

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND
WHERE password='$password' AND WHERE activated='1'");
"WHERE ... AND WHERE ..."? No.
chris707 wrote:Hi im having trouble getting this code working correctly.
What is stored in the database: the plain-text password or the MD5 hash? Does the password contain a quote that gets escaped by mysql_real_escape_string()? (Hashing the password makes it safe to use in the query--it's actually counter-productive to escape it first.) Is Magic Quotes enabled?

Re: Need help with my php code please

Posted: Sun Jul 24, 2011 4:26 pm
by chris707
I think the plain text password is stored is it the database password that i created if so i created my own password. I'm not sure what you mean by magic quotes. I'm still stuck on this. What is wrong in the script lol im really confused.

Re: Need help with my php code please

Posted: Sun Jul 24, 2011 4:52 pm
by califdon
You need to examine the data in your table, using phpMyAdmin or other MySQL administration panel. If you're storing the raw database password, you don't have any security at all, and there would be no need to use the MD5() encryption (hash) function, indeed it would cause your system to fail. The normal thing to do is store ONLY the encrypted MD5 (or better, SHA1) encrypted password in the database, NOT the raw password. Once it is stored, it is impossible (well, nearly) to recover a forgotten password, but also effectively impossible to hack the password. When someone logs in, you take their raw password, encrypt it, then compare that with what is stored, even though you don't know the raw password that was used. Since your code for logging in performs this encryption, I would assume that your sign-up code does, likewise. Now if you possibly entered a raw password in your table without encrypting it, then of course your script won't work, because it is trying to match an encrypted version. The MD5() function produces a 32-character hex string that may look something like this: 45A96F382D027E7719B481A04F9E27C4

Re: Need help with my php code please

Posted: Sun Jul 24, 2011 5:10 pm
by McInfo
chris707 wrote:I'm not sure what you mean by magic quotes.
Magic Quotes

Re: Need help with my php code please

Posted: Sun Jul 24, 2011 6:15 pm
by califdon
Look it up in Google. If you're going to be writing PHP scripts, you need to know about such things. It's part of the configuration of PHP on a server.