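function login($username, $password)
{
    // Escape the username before placing it in the query string
    $username = mysql_real_escape_string($username, $this->connection);
    $q = "SELECT * FROM user WHERE username = '$username'";
    $result = mysql_query($q, $this->connection);
    if (!$result) {
        return false; // query failed
    }
    $row = mysql_fetch_array($result);
    // Debug output: shows which row, if any, the query matched
    $login = $row['username'] . " | " . $row['userPassword'];
    return $login; //echo this from where you call the function
}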
Something has come to my attention. It appears that the database is matching the passwords, but not logging me in. When I type in the correct password, the page just refreshes back to the usual login page. However, when I enter an incorrect password, the page shows me the 'Invalid password' error. I think there may now be a problem with my being logged in.
Should I start another thread seeing as the problem is now seemingly unrelated to the thread title or should I continue to try to fix it here with help from you guys?
<?php
function checkUserLogin() {
    // To make sure it matches, wrap the username in real escape like you do on inserts
    $user = mysql_real_escape_string($_POST['username']);
    // Now hash the password like you do on inserts
    $pass = md5($_POST['password']);
    // Now run the query
    $sql = "SELECT * FROM `userTable` WHERE `userName` = '$user' AND `userPass` = '$pass'";
    if (!$result = mysql_query($sql)) {
        return 0;
    }
    // Return the number of found rows. This can be evaluated in the calling code
    return mysql_num_rows($result);
}
?>
All this does is see if the user is in the table using the data they presented. This does not get user data or anything else.
aceconcepts - yes, my query works, it's just going back to the login page as opposed to logging in...
Everah - your code logged me in, but it keeps changing the password in the database to the one I type in...so if the password was originally 'apple' and I type 'orange' into the password field, 'orange' is also inserted into the password field of the database instead of giving me the invalid password error. So weird.
Yes, I just checked my code...and I had to remove an unnecessary function that I had included earlier that kept being called upon login and updating the password field. So now that problem is out of the way...and the password doesn't keep changing...another problem seems to have appeared. I'm able to log in...however, the password I've entered to log into my account is different to the password stored in the database...so anyone could log into my account using any password they wanted.
Everah wrote: <rant>MD5 is not encryption, it is a one-way hash</rant>
Passwords should always be masked in some way. Encryption or hashing works. Just be consistent.
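An added example (not part of the original thread and not any poster's code): a login check that hashes at registration and verifies at login in a consistent way, using PDO bound parameters and password_hash()/password_verify() in place of the thread's mysql_* and md5() calls. It assumes PHP 7.1+ with pdo_sqlite; the in-memory database and the sample account are constructed, and the table and column names are borrowed from the snippet earlier in the thread.

```php
<?php
// Added example. Table/column names follow the thread's snippet; the in-memory
// SQLite database and the sample account are constructed for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userTable (userName TEXT PRIMARY KEY, userPass TEXT NOT NULL)');

// Registration: store a salted, slow hash of the password, never the plain text.
function registerUser(PDO $db, string $user, string $plain): void
{
    $stmt = $db->prepare('INSERT INTO userTable (userName, userPass) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Login: look the stored hash up by username through a bound parameter, then
// compare in PHP. True only when the user exists AND the password matches.
// This function only reads; it never writes to the table.
function checkUserLogin(PDO $db, string $user, string $plain): bool
{
    $stmt = $db->prepare('SELECT userPass FROM userTable WHERE userName = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();      // false when no such user
    if ($hash === false) {
        return false;
    }
    return password_verify($plain, $hash);
}

registerUser($db, 'alice', 'apple');
$before = $db->query("SELECT userPass FROM userTable WHERE userName = 'alice'")->fetchColumn();

// Constructed cases: [username, password, expected result]
$cases = [
    ['alice',  'apple',  true],   // correct password
    ['alice',  'orange', false],  // wrong password must be rejected
    ['bob',    'apple',  false],  // unknown user
    ["o'neil", 'apple',  false],  // quote in input is treated as plain data
];
foreach ($cases as [$u, $p, $expected]) {
    $ok = checkUserLogin($db, $u, $p);
    printf("%-8s %-8s => %s\n", $u, $p, $ok ? 'login' : 'rejected');
    if ($ok !== $expected) {
        throw new RuntimeException("unexpected result for $u / $p");
    }
}
// No login attempt, successful or not, may alter the stored hash.
$after = $db->query("SELECT userPass FROM userTable WHERE userName = 'alice'")->fetchColumn();
echo $before === $after ? "stored hash unchanged\n" : "stored hash was modified\n";
```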
Weeeeellll...just to put things in context...this is part of a university project, and not really part of an official website...so I'm not putting emphasis on MD5 hashing...although, I do emphasise the importance of MD5...many security failings are due to lack of MD5-ing passwords...digital authentication doesn't always work.