Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 7:43 am
by aceconcepts
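Code:
function login($username, $password)
{
    // Escape the username before it goes into the query string
    $username = mysql_real_escape_string($username, $this->connection);
    $q = "SELECT * FROM user WHERE username = '$username'";
    $result = mysql_query($q, $this->connection);
    $row = mysql_fetch_array($result);
    // Debug output: stored username and password for this user
    $login = $row['username'] . " | " . $row['userPassword'];
    return $login; // echo this from where you call the function
}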
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 9:22 am
by khushbush
Ok, here is the result of that function:
user | password
(real username and password have been changed).
Something has come to my attention. It appears that the database is matching the passwords, but not logging me in. When I type in the correct password, the page just refreshes back to the usual login page. However, when I enter an incorrect password, the page shows me the 'Invalid password' error. I think there may now be a problem with my being logged in.
Should I start another thread seeing as the problem is now seemingly unrelated to the thread title or should I continue to try to fix it here with help from you guys?
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 9:26 am
by aceconcepts
So "user" and "password" are the literal values in the database?
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 9:35 am
by khushbush
Something has come to my attention. It appears that the database is matching the passwords, but not logging me in. When I type in the correct password, the page just refreshes back to the usual login page. However, when I enter an incorrect password, the page shows me the 'Invalid password' error. I think there may now be a problem with my being logged in.
Should I start another thread seeing as the problem is now seemingly unrelated to the thread title or should I continue to try to fix it here with help from you guys?
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 9:40 am
by aceconcepts
So your query works and it's just going back to the login page?
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 11:07 am
by RobertGonzalez
Ok, you are doing way too much for this little action. If all you want is to see if data passed from the form results in a known user this will work:
Code:
<?php
function checkUserLogin() {
    // To make sure it matches, wrap the username in real escape like you do on inserts
    $user = mysql_real_escape_string($_POST['username']);
    // Now hash the password like you do on inserts
    $pass = md5($_POST['password']);
    // Now run the query
    $sql = "SELECT * FROM `userTable` WHERE `userName` = '$user' AND `userPass` = '$pass'";
    if (!$result = mysql_query($sql)) {
        return 0;
    }
    // Return the number of found rows. This can be evaluated in the calling code
    return mysql_num_rows($result);
}
?>
All this does is see if the user is in the table using the data they presented. This does not get user data or anything else.
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 12:49 pm
by khushbush
Thanks for your help so far, everyone...
ok...
aceconcepts - yes, my query works, it's just going back to the login page as opposed to logging in...
Everah - your code logged me in, but it keeps changing the password in the database to the one I type in...so if the password was originally 'apple' and I type 'orange' into the password field, 'orange' is also inserted into the password field of the database instead of giving me the invalid password error. So weird.

Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 1:20 pm
by RobertGonzalez
There has to be other code added to what I provided then because a Select query will not update anything.
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 2:38 pm
by khushbush
Yes, I just checked my code...and I had to remove an unnecessary function that I had included earlier that kept being called upon login and updating the password field. So now that problem is out of the way...and the password doesn't keep changing...another problem seems to have appeared. I'm able to login...however, the password I've entered to log into my account is different to the password stored in the database...so anyone could log into my account using any password they wanted.
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 4:36 pm
by aceconcepts
You're using md5 encryption for your password variable used in the query.
Is your password in the database encrypted?
E.g. password variable = £$t3rtg%££%TY345g4%Gw45## (something encrypted like this).
Your password in the database is probably not encrypted, e.g. "orange", so they won't match.
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 5:10 pm
by RobertGonzalez
<rant>MD5 is not encryption, it is a one-way hash</rant>
Passwords should always be masked in some way. Encryption or hashing works. Just be consistent.
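An added example, not part of any post in this thread: the login check from above with the stored value and the submitted value handled consistently. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL connection, and it swaps md5() for PHP's password_hash()/password_verify(); the table and column names follow the post above, and the accounts are constructed sample data.

```php
<?php
// Added example. userTable/userName/userPass follow the thread; the SQLite
// in-memory database and the sample accounts are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userTable (userName TEXT PRIMARY KEY, userPass TEXT NOT NULL)');

// Registration: store a salted hash of the password, never the plain text.
function registerUser(PDO $db, string $user, string $plain): void
{
    $stmt = $db->prepare('INSERT INTO userTable (userName, userPass) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Login: look the row up by username only (bound parameter, no string
// interpolation), then compare the submitted password against the stored hash.
function checkUserLogin(PDO $db, string $user, string $plain): bool
{
    $stmt = $db->prepare('SELECT userPass FROM userTable WHERE userName = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such user
    }
    return password_verify($plain, $stored);
}

registerUser($db, 'alice', 'apple');
registerUser($db, "o'brien", 'pear'); // apostrophe is bound as data, no escaping needed

// A row written without hashing: the stored/submitted mismatch from the thread.
$db->prepare('INSERT INTO userTable VALUES (?, ?)')->execute(['bob', 'orange']);

var_dump(checkUserLogin($db, 'alice', 'apple'));   // right password for alice
var_dump(checkUserLogin($db, 'alice', 'orange'));  // wrong password for alice
var_dump(checkUserLogin($db, "o'brien", 'pear'));  // username containing a quote
var_dump(checkUserLogin($db, 'bob', 'orange'));    // row that was stored unhashed
var_dump(checkUserLogin($db, 'nobody', 'apple'));  // unknown username
```

Because the comparison happens in PHP against the single row selected by username, a row whose password was stored unhashed simply fails to verify instead of matching or letting any password through.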
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 5:13 pm
by khushbush
aceconcepts wrote: So your query works and it's just going back to the login page?
Forgot to answer your question. Yes, my query works, and yes, it keeps going back to the login page.
Re: Cannot verify password on login
Posted: Sat Apr 19, 2008 5:17 pm
by khushbush
Everah wrote: <rant>MD5 is not encryption it is a one way hash</rant>
Passwords should always be masked in some way. Encryption or hashing works. Just be consistent.
Weeeeellll...just to put things in context...this is part of a university project, and not really part of an official website...so I'm not putting emphasis on MD5 hashing...although, I do emphasise the importance of MD5...many security failings are due to lack of MD5-ing passwords...digital authentication doesn't always work.
I must add...LOL at <rant> tags.