this is starting to peev me off.
here is the script:
if(isset($username) | isset($password)) {
session_register("username");
session_register("password");
$database = "m2b";
$db_select = @mysql_select_db($database);
$sql = "SELECT * FROM users WHERE username = '$username'" or die("ERROR 1");
$fetch_em = mysql_query($sql) or die("ERROR 2");
$encryptedpassword = md5($password);
$dat = mysql_fetch_array($fetch_em);
$user = $dat["username"];
$numrows = mysql_num_rows($fetch_em);
if($numrows != "0" & $encryptedpassword == $dat["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
whenever i try to log on it comes up with incorrect login. i am trying to get it to verify the password entered into a form against an md5 encrypted password in the database.
if i remove the md5 section and use the following it will work with non encrypted passwords.
if(isset($username) | isset($password)) {
session_register("username");
session_register("password");
$database = "m2b";
$db_select = @mysql_select_db($database);
$sql = "SELECT * FROM users WHERE username = '$username'" or die("ERROR 1");
$fetch_em = mysql_query($sql) or die("ERROR 2");
$dat = mysql_fetch_array($fetch_em);
$user = $dat["username"];
$numrows = mysql_num_rows($fetch_em);
if($numrows != "0" & $password == $dat["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
how do i get this to work?
cheers
problem logging in when checking against md5 encrypted passw
Moderator: General Moderators
- protokol
- Forum Contributor
- Posts: 353
- Joined: Fri Jun 21, 2002 7:00 pm
- Location: Cleveland, OH
- Contact:
The first obvious things that I noticed are you invalid uses of & and |
You most definitely want to use && and ||, "AND" and "OR" respectively.
BAD:
if ($first == true | $second == false & $third == true) {}
CORRECT:
if ($first == true || $second == false && $third == true) {}
Notice that I used || and && instead of | and &
Hopefully this fixes your code big time.
You most definitely want to use && and ||, "AND" and "OR" respectively.
BAD:
if ($first == true | $second == false & $third == true) {}
CORRECT:
if ($first == true || $second == false && $third == true) {}
Notice that I used || and && instead of | and &
Hopefully this fixes your code big time.
the use of | and & should be ok. they're the short-circuting versions of || and &&.
using | if the first is true, it doesn't check the second, as it will have evaluated the if statement as true.
using & will stop evaluating when it finds a false, as then it wont need to continue.
as far as the problem with the encryption, not really sure on that.
using | if the first is true, it doesn't check the second, as it will have evaluated the if statement as true.
using & will stop evaluating when it finds a false, as then it wont need to continue.
as far as the problem with the encryption, not really sure on that.
thanks for trying protokol,
but no joy. i know i could have used OR as well, but all i want to check is whether either had been passed to the page.
hell i could of used and as well to ensure that both username and password had been passed.
i just dont get why the password won't check against the database.
here's the entire code if it helps.
<?
$username = $_POST['username'];
$password = $_POST['password'];
if(!isset($username) && !isset($password)) {
?>
<form method="POST" action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>"><table><tr>
<td align=right><font color="black"><nobr>login user:</font>
</td>
<td><input type="text" name="username" style="font-family:verdana; font-size: 11px;" size="15" autocomplete="off" value="login">
</td>
<td><font color="black"><nobr>password:</font>
</td>
<td><input type="password" name="password" size="15" style="font-family:verdana; font-size: 11px;">
</td>
<td><input type="submit" value="go" color="black">
</td>
</tr></table></form>
<?
}
// If all is well so far.
if(isset($username) && isset($password)) {
session_register("username");
session_register("password");
$database = "m2b";
$db_select = @mysql_select_db($database);
$sql = "SELECT * FROM users WHERE username = '$username'" or die("ERROR 1");
$fetch_em = mysql_query($sql) or die("ERROR 2");
$encryptedpassword = md5($password);
$dat = mysql_fetch_array($fetch_em);
$user = $dat["username"];
$numrows = mysql_num_rows($fetch_em);
if($numrows != "0" && $encryptedpassword == $dat["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
// If the username exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....
if (!($valid_user))
{
?>
<form method="POST" action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>"><table><tr>
<td align=right><font color="black"><nobr>incorrect login user:</font>
</td>
<td><input type="text" name="username" style="font-family:verdana; font-size: 11px;" size="15" autocomplete="off" value="login">
</td>
<td><font color="black"><nobr>password:</font>
</td>
<td><input type="password" name="password" size="15" style="font-family:verdana; font-size: 11px;">
</td>
<td><input type="submit" value="go">
</td>
</tr></table></form>
<?
}
if (($valid_user)){
?>
<table><tr>
<td><td width="1"><img src="images/spacer.gif" width="1" height="15"></td>
<td><font color="black">Welcome <?echo $dat["username"]?> </font><a href="logout.php"><font color="black">logout</font></a></td>
</tr></table>
<?
}}
?>
well here's hoping
but no joy. i know i could have used OR as well, but all i want to check is whether either had been passed to the page.
hell i could of used and as well to ensure that both username and password had been passed.
i just dont get why the password won't check against the database.
here's the entire code if it helps.
<?
$username = $_POST['username'];
$password = $_POST['password'];
if(!isset($username) && !isset($password)) {
?>
<form method="POST" action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>"><table><tr>
<td align=right><font color="black"><nobr>login user:</font>
</td>
<td><input type="text" name="username" style="font-family:verdana; font-size: 11px;" size="15" autocomplete="off" value="login">
</td>
<td><font color="black"><nobr>password:</font>
</td>
<td><input type="password" name="password" size="15" style="font-family:verdana; font-size: 11px;">
</td>
<td><input type="submit" value="go" color="black">
</td>
</tr></table></form>
<?
}
// If all is well so far.
if(isset($username) && isset($password)) {
session_register("username");
session_register("password");
$database = "m2b";
$db_select = @mysql_select_db($database);
$sql = "SELECT * FROM users WHERE username = '$username'" or die("ERROR 1");
$fetch_em = mysql_query($sql) or die("ERROR 2");
$encryptedpassword = md5($password);
$dat = mysql_fetch_array($fetch_em);
$user = $dat["username"];
$numrows = mysql_num_rows($fetch_em);
if($numrows != "0" && $encryptedpassword == $dat["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
// If the username exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....
if (!($valid_user))
{
?>
<form method="POST" action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>"><table><tr>
<td align=right><font color="black"><nobr>incorrect login user:</font>
</td>
<td><input type="text" name="username" style="font-family:verdana; font-size: 11px;" size="15" autocomplete="off" value="login">
</td>
<td><font color="black"><nobr>password:</font>
</td>
<td><input type="password" name="password" size="15" style="font-family:verdana; font-size: 11px;">
</td>
<td><input type="submit" value="go">
</td>
</tr></table></form>
<?
}
if (($valid_user)){
?>
<table><tr>
<td><td width="1"><img src="images/spacer.gif" width="1" height="15"></td>
<td><font color="black">Welcome <?echo $dat["username"]?> </font><a href="logout.php"><font color="black">logout</font></a></td>
</tr></table>
<?
}}
?>
well here's hoping
- daven
- Forum Contributor
- Posts: 332
- Joined: Tue Dec 17, 2002 1:29 pm
- Location: Gaithersburg, MD
- Contact:
I was having a similar problem. I got around it by placing the password check in the SQL statement.
$encryptedpassword=md5($password);
$sql = "SELECT * FROM users WHERE username = '$username' AND password='$encryptedpassword'" or die("ERROR 1");
$fetch_em = mysql_query($sql) or die("ERROR 2");
$numrows = mysql_num_rows($fetch_em);
if($numrows > 0) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
$encryptedpassword=md5($password);
$sql = "SELECT * FROM users WHERE username = '$username' AND password='$encryptedpassword'" or die("ERROR 1");
$fetch_em = mysql_query($sql) or die("ERROR 2");
$numrows = mysql_num_rows($fetch_em);
if($numrows > 0) {
$valid_user = 1;
}
else {
$valid_user = 0;
}