
crypt... login nothing happening

Posted: Wed Jul 24, 2002 9:28 pm
by cheatboy00
o.k. when I log in nothing's happening .........

I crypted the password as you joined ...

Code:

$crypt_pass = crypt($pass);

this is what's happening during the process of logging in...

Code:

$qry = mysql_query("SELECT * FROM users WHERE login = '$login'");

if (mysql_num_rows($qry) == 1){ 

   $row = mysql_fetch_assoc($qry); 
   
   $crypt_pass = $row['pass'];
   $salt = substr($crypt_pass,0,2);

   if ($crypt_pass == crypt($password,$salt)){

      session_start();
   
      $log = $row['status']; 
      $id = $row['id'];

      $crypt_log = crypt($log);
      $crypt_id = crypt($id);

      session_register('crypt_log');
      session_register('crypt_id');

      mysql_query("UPDATE users SET online = 'y' WHERE id = '$id'");
   }

} else {
   echo("Nope wrong login or pass");
}

then I go and try to decide what control panel to use.....

Code:

$a1 = "user";
$a2 = "staff";
$a3 = "admin";

$salt = substr ($crypt_log,0,2);

$u = crypt($a1,$salt);
$s = crypt($a2,$salt);
$a = crypt($a3,$salt);

if ($crypt_log == $u && $go != 'lout'){
   include ("ucp.php"); 
}   

else if ($crypt_log == $s && $go != 'lout'){
   include ("scp.php"); 
}   

else if ($crypt_log == $a && $go != 'lout'){
   include ("acp.php");
}

else if (!$crypt_log || $go == 'lout'){
   include ("log.php");
}

it keeps on showing the log.php file... if you have any ideas at all please help!!!! :cry:

this is a sample of the crypt that comes out when you register
$1$Cs8AgYVE$pLQI

also I'm not getting any errors ....

Posted: Thu Jul 25, 2002 9:27 am
by RandomEngy
First, changing all of your crypts, salts and whatnot to md5()'s would make the script a lot simpler, and just as secure. Just store the passwords in the database md5()'d and all your session passwords that way too. That may even fix your error.

Code:

if( md5($entered_pass) == $pass_from_database )
  echo "Come on in!";
else
  echo "Wrong password you bozo.";

Posted: Thu Jul 25, 2002 3:47 pm
by cheatboy00
I fixed it and everything works now...

Posted: Fri Jul 26, 2002 1:52 am
by twigletmac
Fixed it how? Something you care to share, perhaps to help others later...

Mac

Posted: Fri Jul 26, 2002 11:38 am
by cheatboy00
oh ya o.k......

It seems that whenever a password was entered into the database it was crypted with a 16-character-long encryption (I used md5).

And when I tried to crypt it anywhere else on the site, for some reason the encryption would be a whole lot longer... but the first 16 characters of that matched the ones in the database even though they were the same passwords... here's an example

db pass: test12
db crypt pass: 613aB3Fh6ku7fG9e
your entered pass: test12
your crypted pass: 613aB3Fh6ku7fG9eaSd4df5546fdgsdfg

I tested this numerous times.... checking to see if all the passes in the database were that long...

so i solved it with a simple

substr($crypt_entered_pass,0,16)...

BUT.............. what I now realized, when I was typing this out: the reason why it was showing 16 characters is because I had that field length set to 16... erg (going to fix that now).... because before I knew how to crypt I had the passes just entered into the database and I have it so the users' passwords are no longer than 16... and so that screwed me up...

but obviously the crypted passes that were entered are longer than 16 characters so the rest got cut off....

here's what the code looks like:

Code:

// checking the username
$qry = mysql_query("SELECT * FROM users WHERE login = '$user_name'");

if (mysql_num_rows($qry) == 1){ 

   // feeding all the user's info into an array, then getting the pass 
   $row = mysql_fetch_assoc($qry); 
   $crypt_pass = $row['pass'];

   // encrypting the entered pass, then cutting off the end 
   $a = md5($entered_pass);
   $b = substr ($a,0,16);

   // checking your pass against the pass in the database
   if ($b == $crypt_pass){

      session_start();
   
      $log = $row['status']; 
      $id = $row['id'];
      $crypt_log = md5($log);
      $crypt_id = md5($id);

      session_register('crypt_log');
      session_register('crypt_id');

   } else {
      echo "<font color=ff0000>Wrong password.</font>";
   }

} else {
     echo "<font color=ff0000>Wrong login name.</font>"; 
}

I believe you will understand that... then for showing the control panel I did this...

Code:

session_start();

// crypting the different statuses... so they can be checked against the one 
// in the session
$u = md5("user");
$s = md5("staff");
$a = md5("admin");

if ($crypt_log == $u && $go != 'lout'){
   include ("ucp.php"); 
}

// all the other ifs are just like that only instead of $u it's $s or $a

I believe it's all straightforward...
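
Added example (not part of the thread and not any poster's code): the column-width failure described in the post above, reproduced against an in-memory stand-in for the users table. It swaps the thread's md5() for PHP's password_hash()/password_verify(); `UserTable`, `register()`, `login()` and the sample credentials are hypothetical names and constructed values, and PHP 8 is assumed.

```php
<?php
// Added example, not code from the thread. UserTable is a hypothetical
// in-memory stand-in for the users table; with $strict off it truncates
// over-long values the way MySQL does when strict SQL mode is disabled.
final class UserTable {
    private array $rows = [];

    public function __construct(private int $passWidth, private bool $strict) {}

    public function insert(string $login, string $hash): void {
        if (strlen($hash) > $this->passWidth) {
            if ($this->strict) {
                throw new LengthException(sprintf(
                    'hash is %d chars, pass column holds %d', strlen($hash), $this->passWidth));
            }
            $hash = substr($hash, 0, $this->passWidth); // silent truncation
        }
        $this->rows[$login] = $hash;
    }

    public function hashFor(string $login): ?string {
        return $this->rows[$login] ?? null;
    }
}

function register(UserTable $t, string $login, string $password): void {
    // password_hash() generates its own salt; a bcrypt result is 60 chars.
    $t->insert($login, password_hash($password, PASSWORD_DEFAULT));
}

function login(UserTable $t, string $login, string $password): bool {
    $hash = $t->hashFor($login);
    return $hash !== null && password_verify($password, $hash);
}

$narrow = new UserTable(16, false);    // the thread's 16-character column
register($narrow, 'alice', 'test12');  // constructed sample credentials
var_dump(login($narrow, 'alice', 'test12')); // a truncated hash never verifies

$wide = new UserTable(255, false);     // wide enough for the full hash
register($wide, 'alice', 'test12');
var_dump(login($wide, 'alice', 'test12'), login($wide, 'alice', 'wrong'));

try {
    register(new UserTable(16, true), 'alice', 'test12');
} catch (LengthException $e) {
    echo $e->getMessage(), "\n"; // strict mode surfaces the problem at write time
}
```

The PHP manual recommends a 255-character column for PASSWORD_DEFAULT hashes, since the algorithm and its output length can change between PHP versions.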

Posted: Fri Jul 26, 2002 12:33 pm
by llimllib
I did the same exact thing when I set up my first auth database. Took me a whole day of pulling my hair out to get that one solved...