Help with User Control Panel

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
itDanny22
Forum Newbie
Posts: 5
Joined: Wed Jan 28, 2015 12:42 pm

Help with User Control Panel

Post by itDanny22 »

Hey,

I'm not very good when it comes to PHP. However I'm scripting a game using the PAWN language. I use MySQL to save the players data and sha1 to save the players password. I have a UCP, and when I try to login with the correct user and pass, it doesn't log me in, it says Wrong username or password.

Here is part of the code,

Code: Select all

if($submit) //if he press submit button
{    
    if($username && $password) //if he type both of username and password not just one of them
    {
        $query = mysql_query("SELECT user, password FROM playerdata WHERE user = '$username'"); //selecting user name and password, change it to your field names,  chage users to your table name, $username means username that he type...
        if(mysql_num_rows($query) == 1) //if user exists
        {
            while($row = mysql_fetch_assoc($query)) //loop thought table that we select in mysql_query
            {
                $dbusername = $row['username']; //setting dbusername as variable from table, change 'username' to your field!
                $dbpassword = $row['password']; //setting dbpassword as variable from table, change 'password' to your field!
                hash('sha1', $dbpassword); 
            }
            if($username == $dbusername && $password == $dbpassword) //if username is same as one from table and if password is the same as one from table...
            {
            	$_SESSION['username'] = $dbusername; //setting session username to one from table, this is useful if you login, that restart your browser and than you go in url where is your profile.php... Anyway this is useful :D
                echo header('location: profile.php'); //redirecting user to his profile page (profile.php)  
            }
            else echo header("Location:login.php"); //else if user type wrong password he will get this...
        }
        else echo header("Location:login.php"); //if username doesn't exist in table user will get this
    }
    else echo header("Location:login.php"); //else if user doesn't type all fields he will get this...
}

Code: Select all

hash('sha1', $dbpassword); 
I don't get what's wrong with it. How am I able to fix this problem?
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Help with User Control Panel

Post by Christopher »

Do you do a session_start() before doing $_SESSION['username'] = $dbusername; ?
(#10850)
itDanny22
Forum Newbie
Posts: 5
Joined: Wed Jan 28, 2015 12:42 pm

Re: Help with User Control Panel

Post by itDanny22 »

Christopher wrote:Do you do a session_start() before doing $_SESSION['username'] = $dbusername; ?
Yep, it's right at the top,

Code: Select all

 <?php

include("config.php"); // including our config.php where is connecting to mysql...
session_start(); //starting session for profile.php (Dunno how to explain better) look little down
error_reporting(0); //without this we will always get some stupid notice that variable isn't defined....
itDanny22
Forum Newbie
Posts: 5
Joined: Wed Jan 28, 2015 12:42 pm

Re: Help with User Control Panel

Post by itDanny22 »

I had made a mistake

Before it was,

Code: Select all

$dbusername = $row['username'];
Then I changed 'username' to 'user', now it seems to work. In my database, my password was hashed with sha1, I had removed the sha1 just for my account and replaced the password with 'bob' without hashing it. Then I had logged into the my control panel and it worked. However, that means that the password is not hashing. Where should I add the,

Code: Select all

hash('sha1', $dbpassword); 
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Help with User Control Panel

Post by Celauran »

You need to save it to a variable. Right now you're discarding it.

Instead of

Code: Select all

$dbpassword = $row['password']; //setting dbpassword as variable from table, change 'password' to your field!
hash('sha1', $dbpassword);
use

Code: Select all

$dbpassword = hash('sha1', $row['password']);
itDanny22
Forum Newbie
Posts: 5
Joined: Wed Jan 28, 2015 12:42 pm

Re: Help with User Control Panel

Post by itDanny22 »

Celauran wrote:You need to save it to a variable. Right now you're discarding it.

Instead of

Code: Select all

$dbpassword = $row['password']; //setting dbpassword as variable from table, change 'password' to your field!
hash('sha1', $dbpassword);
use

Code: Select all

$dbpassword = hash('sha1', $row['password']);
I have done that, but it still doesn't seem to work
itDanny22
Forum Newbie
Posts: 5
Joined: Wed Jan 28, 2015 12:42 pm

Re: Help with User Control Panel

Post by itDanny22 »

I have also tried using,

Code: Select all

$dbpassword = sha1($row['password']);
But I can't get it to work
Post Reply