crypt... login nothing happening

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
cheatboy00
Forum Contributor
Posts: 151
Joined: Sat Jun 29, 2002 10:36 am
Location: canada
Contact:

crypt... login nothing happening

Post by cheatboy00 »

o.k. when i login nothings happening .........

i crypted teh password as you joined ...

Code: Select all

$crypt_pass = crypt($pass);
this is whats happening during the process of loging in...

Code: Select all

$qry = mysql_query("SELECT * FROM users WHERE login = '$login'");

if (mysql_num_rows($qry) == 1){ 

   $row = mysql_fetch_assoc($qry); 
   
   $crypt_pass = $rowї'pass'];
   $salt = substr($crypt_pass,0,2);

   if ($crypt_pass == crypt($password,$salt)){

      session_start();
   
      $log = $rowї'status']; 
      $id = $rowї'id'];

      $crypt_log = crypt($log);
      $crypt_id = crypt($id);

      session_register('crypt_log');
      session_register('crypt_id');

      mysql_query("UPDATE users SET online = 'y' WHERE id = '$id'");
   }

} else {
   echo("Nope wrong login or pass");
}
then i go and try to decide what control panel to use.....

Code: Select all

$a1 = "user";
$a2 = "staff";
$a3 = "admin";

$salt = substr ($crypt_log,0,2);

$u = crypt($a1,$salt);
$s = crypt($a2,$salt);
$a = crypt($a3,$salt);

if ($crypt_log == $u && $go != 'lout'){
   include ("ucp.php"); 
}   

else if ($crypt_log == $s && $go != 'lout'){
   include ("scp.php"); 
}   

else if ($crypt_log == $a && $go != 'lout'){
   include ("acp.php");
}

else if (!$crypt_log || $go == 'lout'){
   include ("log.php");
}
it keeps on showing the log.php file... if you have any ideas at all please help!!!! :cry:

this is a sample of the crypt that comes out when you register
$1$Cs8AgYVE$pLQI

also I'm not getting any errors ....
User avatar
RandomEngy
Forum Contributor
Posts: 173
Joined: Wed Jun 26, 2002 3:24 pm
Contact:

Post by RandomEngy »

First, changing all of your crypts, salts and whatnot to md5()'s would make the script a lot simpler, and just as secure. Just store the passwords in the database md5()'d and all your session passwords that way too. That may even fix your error.

Code: Select all

if( md5($entered_pass) == $pass_from_database )
  echo "Come on in!";
else
  echo "Wrong password you bozo.";
User avatar
cheatboy00
Forum Contributor
Posts: 151
Joined: Sat Jun 29, 2002 10:36 am
Location: canada
Contact:

Post by cheatboy00 »

I fixed it and everything works now...
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Fixed it how? Something you care to share, perhaps to help others later...

Mac
User avatar
cheatboy00
Forum Contributor
Posts: 151
Joined: Sat Jun 29, 2002 10:36 am
Location: canada
Contact:

Post by cheatboy00 »

oh ya o.k......

it seems that when ever a password was entered into the database it was crypted with a 16 character long encryption (i used md5).

and when i tried and crypt it anyway else on the site for some reason teh encryption would be a whole lot longer... but the first 16 characters of that matched the ones in the database even though they were the same passwords... heres an example

db pass: test12
db crypt pass: 613aB3Fh6ku7fG9e
your entered pass: test12
your crypted pass: 613aB3Fh6ku7fG9eaSd4df5546fdgsdfg

I tested this numerous times.... checking to see if all the passes in the database were that long...

so i solved it with a simple

substr($crypt_entered_pass,0,16)...

BUT.............. what i now realized, when i was typing this out. the reason why it was showing 16 characters, becasue i had that feild length set to 16... erg (going to fix that now).... becasue before i knew how to crypt i had the passes just entered into the databse and i have it so the users passwords are no longer than 16... and so that screwed me up...

but obivously the crypted passes that were entered are longer than 16 characters so the rest got cut off....

heres what the code looks like:

Code: Select all

// checking the username
$qry = mysql_query("SELECT * FROM users WHERE login = '$user_name'");

if (mysql_num_rows($qry) == 1){ 

   //feeding all the users info into an array, then getting the pass 
   $row = mysql_fetch_assoc($qry); 
   $crypt_pass = $rowї'pass'];

   // encrypting the enterd pass, then cutting off the end 
   $a = md5($entered_pass);
   $b = substr ($a,0,16);

   // checkign your pass, aginst the pass in the database
   if ($b == $crypt_pass){

      session_start();
   
      $log = $rowї'status']; 
      $id = $rowї'id'];
      $crypt_log = md5($log);
      $crypt_id = md5($id);

      session_register('crypt_log');
      session_register('crypt_id');

   } else {
      echo "<font color=ff0000>Wrong password.";
   &#125;

&#125; else &#123;
     echo "<font color=ff0000>Wrong login name.</font>"; 
&#125;
I believe you will understand that... then for showing the control panel i did this...

Code: Select all

session_start()

// crypting the different statuses... so they can be checked agnist the one 
// in the session
$u = md5("user");
$s = md5("staff");
$a = md5("admin");

if ($crypt_log == $u && $go != 'lout')&#123;
   include ("ucp.php"); 
&#125;

// all the other ifs are just like that only instead of $u its $s or $a
i believe its all straight forward...
User avatar
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

I did the same exact thing when i set up my first auth database. took me a whole day of pulling my hair out to get that one solved...
Post Reply