Page 1 of 1

PHP/MYSQL Authentication User/Pass Login

Posted: Wed Jul 02, 2008 11:38 am
by nightkarnation
Hey...
Im trying to do an authentication login page but for some reason on the password code...if i type a username and password thats already saved on my database...i still keep on getting wrong password

Here's mysql code:

Code: Select all

 
CREATE TABLE tbl_auth_user (
user_id VARCHAR(10) NOT NULL,
user_password CHAR(32) NOT NULL, 
PRIMARY KEY (user_id)
);
 
INSERT INTO tbl_auth_user (user_id, user_password) VALUES ('theadmin', PASSWORD('chumbawamba'));
INSERT INTO tbl_auth_user (user_id, user_password) VALUES ('webmaster', PASSWORD('webmistress'));
 
Here's login.php code:

Code: Select all

 
<?php
session_start(); 
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
   include 'library/config.php';
   include 'library/opendb.php';
 
   $userId = $_POST['txtUserId'];
   $password = $_POST['txtPassword'];
 
   // check if the user id and password combination exist in database
   $sql = "SELECT user_id 
           FROM tbl_auth_user
           WHERE user_id = '$userId' 
                 AND user_password = PASSWORD('$password')";
 
   $result = mysql_query($sql) 
             or die('Query failed. ' . mysql_error()); 
 
   if (mysql_num_rows($result) == 1) {
      // the user id and password match, 
      // set the session
      $_SESSION['db_is_logged_in'] = true;
 
      // after login move to the main page
      header('Location: main.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password';
   }
 
   include 'library/closedb.php';
}
?>
 
Any ideas??
Thanks for ur time!

Re: PHP/MYSQL Authentication User/Pass Login

Posted: Wed Jul 02, 2008 11:47 am
by Frozenlight777
not sure what your PASSWORD function is doing but try just printing out the password that has been entered and see if that's the correct result. Your function might be doing something funny to it.