Login Script help!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
thunderbox
Forum Newbie
Posts: 13
Joined: Wed Mar 07, 2007 4:06 pm

Login Script help!

Post by thunderbox »

hey i have written a script that a website requires... ive created the sign up with no troubles but it does not allow me to login.. this is the login code:

Code: Select all

include 'database_connect.php';

if(isset($_POST['login'])) {
	
	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);
	
	$password = md5($password);
	
	$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
	$logincheck = mysql_num_rows($sql);
	
	if($logincheck > 0) {
		while($row = mysql_fetch_array($sql)) {
			foreach( $row AS $key => $val ) {
				$$key = stripslashes( $val );
			}
			// Session Data
			$_SESSION['username'] = $username;
			$_SESSION['userlevel'] = $userlevel;
			$_SESSION['auth'] = true;
			
			echo 'Login Successful!';
			echo "<br />You Are Currently Logged In As <b>$username</b>";
		}
	} else {
		echo "<b><font color = 'red'>Login Credentials Wrong</b></font>";
	}
}
every time i try log in it comes up with the same error. it comes up with he error "wrong login credentials" which i wrote myself.. so there has to be something wrong with the SQL query or what i thin which is the md5 encoding on the password.

thanks for all your help in advance
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

You shouldn't need to run mysql_real_escape_string on a string being hashed with md5(). Have you checked that your signup password hash is consistent with your login hash?
thunderbox
Forum Newbie
Posts: 13
Joined: Wed Mar 07, 2007 4:06 pm

Post by thunderbox »

the sign up script also runs a mysql_real_escape_string and and md5.. should i remove the mysql_real_escape_string on both (both password fields i mean)?
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

I doubt it's causing the problem, but you don't need it as long as you're hashing with md5 before it's being inserted. Can you post the code used to insert new users?
thunderbox
Forum Newbie
Posts: 13
Joined: Wed Mar 07, 2007 4:06 pm

Post by thunderbox »

Code: Select all

include 'database_connect.php';

if (isset($_POST['submit'])) {

// change the variables

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password1 = mysql_real_escape_string($_POST['password1']);
$email = mysql_real_escape_string($_POST['email']);
$email1 = mysql_real_escape_string($_POST['email1']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$birthdate = mysql_real_escape_string($_POST['birthdate']);
$gender = mysql_real_escape_string($_POST['gender']);
$location = mysql_real_escape_string($_POST['location']);
$ip = $_SERVER['REMOTE_ADDR'];

// Check if there is existing user in the databse
$check1 = mysql_query("SELECT * FROM users WHERE username='$username'");


if (mysql_num_rows($check1) > 1) {
echo 'Someone has already Taken that username, please try another!';
}

// check if ALL the feilds have been filled out correctly

if ($username == '') { echo 'The username field is empty'; }
if ($password == '') { echo 'The password field is empty'; }
if ($password1 == '') { echo 'The repeat password field is empty'; }
if ($email == '') { echo 'The email field is empty'; }
if ($email1 == '') { echo 'The repeat email field is empty'; }
if ($firstname == '') { echo 'The first name field is empty'; }
if ($lastname == '') { echo 'The last name field is empty'; }
if ($birthdate == '') { echo 'The birthdate field is empty'; }
if ($gender == '') { echo 'The gender field is empty'; }
if ($location == '') { echo 'The location field is empty'; }

// check if the passwords matched

if ($password == $password1) {

// Encrypt the password

$password2 = md5($password);

// insert <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> into the database

$insert = mysql_query("INSERT INTO users (username, password, email, firstname, lastname, birthdate, gender, location, ip) VALUES ('$username','$password2','$email','$firstname','$lastname','$birthdate','$gender','$location','$ip')");

if (!$insert) {
mysql_error();
} else {
// Tell themn that eveything is cool!

echo 'You can now login!';

include 'login.php';

}
} else {
echo 'The passwords you enterd did not match';
}
}
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

I'd print out the hash you're getting on login and compare it to the one in the database with a database browser like phpmyadmin
thunderbox
Forum Newbie
Posts: 13
Joined: Wed Mar 07, 2007 4:06 pm

Post by thunderbox »

md5 hash generated from login : 7694f4a66316e53c8cdd9d9954bd611d
md5 has in phpmyadmin : 7694f4a66316e53c8cdd9d995

ohh yea i see its missing the last characters
is this because i limited the password feild to 25 when i created the table?

... Solved ....

i changed the maximum values from 25 to 255 in the database and now everything is working fine
thanx for your help
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

de nada
Post Reply