PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
<?php
if ((!$_POST['email']) || (!$_POST['password'])) {
    header("Location: login.php");
    exit;
}
// authenticate.
if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
}
$sql = "SELECT * FROM `signup` WHERE `email` = '$_POST[email]'";
$result = mysql_query($sql,$db) or die(mysql_error());
$number = mysql_num_rows($result);
$info = mysql_fetch_array($result);
if ($number == 0) {
    die('That email does not exist in our database.');
}
// check passwords match
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
if ($_POST['password'] != $info['password']) {
    die('Incorrect password, please try again.');
}
// if we get here username and password are correct,
// register session variables and set last login time.
$date = date('m d, Y');
$sql2 = "UPDATE `signup` SET `last_login` = \"$date\", WHERE `email` = '$_POST[email]'";
$result2 = mysql_query($sql2,$db) or die(mysql_error());
$_POST['email'] = stripslashes($_POST['email']);
$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $_POST['password'];
?>
Apparently the $_POST[password] and $info[password] aren't matching up. If I take out the line above that with the md5 in it, I can go to the login screen but none of my session variables are stored. So there has to be a problem in that area. Can anyone help?
Try something like this and see what is getting echo'd. NOTE: This is for testing only as it exposes the passed values and database values for password!
<?php
if ( !isset($_POST['email']) || !isset($_POST['password']) ) {
    header("Location: http://www.fullurihere.com/login.php");
    exit;
}
$email = $_POST['email'];
// authenticate.
if (!get_magic_quotes_gpc())
{
    $email = addslashes($email);
}
// Shouldn't this have a limit clause, or do you make
// sure there is no more than one email address like
// this in the table somewhere else?
$sql = "SELECT * FROM `signup` WHERE `email` = '$email'";
$result = mysql_query($sql,$db) or die(mysql_error());
$number = mysql_num_rows($result);
$info = array();
// keep the last matching row (opening brace was missing here)
while ($row = mysql_fetch_array($result)) {
    $info = $row;
}
if ($number == 0) {
    die('That email does not exist in our database.');
}
// check passwords match
$password = md5($_POST['password']);
if ($password != $info['password']) {
    die('Incorrect password, please try again. DEBUGGING: What we have is ' . $info['password'] . ' and what was passed is ' . $password . '...');
}
// if we get here username and password are correct,
// register session variables and set last login time.
$date = date('m d, Y');
// the comma before WHERE was a MySQL syntax error and has been removed
$sql2 = "UPDATE `signup` SET `last_login` = \"$date\" WHERE `email` = '$email'";
$result2 = mysql_query($sql2,$db) or die(mysql_error());
$_SESSION['email'] = $email;
// NOTICE THIS CHANGES THE SESSION'D PASSWORD TO A HASH INSTEAD OF PLAIN TEXT?
$_SESSION['password'] = $password;
?>
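A hardened counterpart of the login check discussed in this thread, as an added example that is not part of either post: it binds the email as a query parameter instead of relying on addslashes(), verifies with password_verify(), and upgrades rows that still hold an unsalted MD5 hash on the next successful login. The function name `login`, the in-memory SQLite table standing in for `signup`, and the sample account are assumptions made so it runs stand-alone on PHP 7+ with pdo_sqlite.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread). Returns true on success and
// gives the same result for "no such email" and "wrong password", so the
// response does not reveal which addresses are registered.
function login(PDO $db, string $email, string $password): bool
{
    // Bound parameter: no addslashes()/magic-quotes handling is needed.
    $stmt = $db->prepare('SELECT password FROM signup WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false;
    }
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy unsalted MD5 row: constant-time compare, then upgrade it.
        $ok = hash_equals($stored, md5($password));
        $rehash = $ok;
    } else {
        $ok = password_verify($password, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }
    if (!$ok) {
        return false;
    }
    if ($rehash) {
        $db->prepare('UPDATE signup SET password = ? WHERE email = ?')
           ->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    }
    $db->prepare('UPDATE signup SET last_login = ? WHERE email = ?')
       ->execute([date('Y-m-d H:i:s'), $email]);
    return true;
}

// Constructed demo data: one account whose password is still stored as MD5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup (email TEXT PRIMARY KEY, password TEXT, last_login TEXT)');
$db->prepare('INSERT INTO signup (email, password) VALUES (?, ?)')
   ->execute(["o'brien@example.com", md5('correct horse')]);

var_dump(login($db, "o'brien@example.com", 'wrong guess'));   // rejected
var_dump(login($db, "o'brien@example.com", 'correct horse')); // accepted, row upgraded
$hash = $db->query('SELECT password FROM signup')->fetchColumn();
var_dump(password_verify('correct horse', $hash));            // row no longer holds MD5
```

On success the caller would call session_regenerate_id(true) and store only the email in `$_SESSION`, never the password or its hash.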