Gonna kick myself when I figure this out

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Theory?
Forum Contributor
Posts: 138
Joined: Wed Apr 11, 2007 10:43 am

Gonna kick myself when I figure this out

Post by Theory? »

I'm doing a really...REALLY rudimentary script for a class just to make my life a little easier when it comes to handing in homework. I'm working on making the login script and like...it's so stupid, it's such a simple script, it's not very secure...at all, but it's not working.


 
<?php
 
    if (isset($_POST['submitted'])) {
        
        $link = mysqli_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASS, MYSQL_DB) or
                die("Could not connect to database" . mysqli_connect_error());
        
        $userName = mysqli_real_escape_string($link, $_POST['userName']);
        $password = mysqli_real_escape_string($link, $_POST['password']);
        $submitted = $_POST['submitted'];
            
        $sql = "SELECT userName, password FROM users WHERE userName='$userName' AND password='md5($password)'";
                
        $rs = mysqli_query($link, $sql) or
                die("Query failed!!!" . mysqli_error($link));
        
        $count = mysqli_num_rows($rs);
        
        if ($count == 1) {
            
            session_start();
            
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['userName'] = $userName;
            
            header('Location: ' . SITE_DIR . '/admin/index.php');
        } else {
            
            echo "Something went wrong.";
        }
        
        
    } else {
 
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
    <title>Login</title>
    
</head>
 
<body>
 
    <form method="post" action="index.php?page=login">
    <table style="margin: 0 auto; margin-top: 20px; border: 1px solid 0;">
        <tr>
            <td>Login:&nbsp;
                <input type="text" name="userName" /></td>
        </tr>
        <tr>
            <td>Password:
                <input type="password" name="password" /></td>
        </tr>
        <tr>
            <td>
                <input type="hidden" name="submitted" value="TRUE" />
                <input type="submit" value="Log In" />
            </td>
        </tr>
    </table>
    </form>
        
</body>
</html>
 
<?php } ?>
 
The action is the way it is because I have a front gateway that has the resource for the constants etc.

I'm at the "Something went wrong" part meaning the query has been run but it's not returning a result set. I KNOW for a fact that I used MD5 to encrypt the password. I got the literal hash and tried entering values manually in the MySQL client and it returned the one row I needed, but for some reason it's not working here. I know it has to be...HAS TO BE the stupidest error that I'm just way too burnt out to find.
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Gonna kick myself when I figure this out

Post by VladSun »

SQL MD5() is a function ;)
[sql]SELECT userName, password FROM users WHERE userName='$userName' AND password=MD5('$password')[/sql]
Also, always put a call to exit() after using header().
There are 10 types of people in this world, those who understand binary and those who don't
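
As an added example (not code from either poster): the sketch below shows why the interpolated string in the original query never calls md5(), then a hardened form of the same login check using a prepared statement and password_hash()/password_verify() instead of MD5, which goes beyond the fix given in the thread. The in-memory SQLite database through PDO, the user alice, the password, and the helper names makeDb() and checkLogin() are all assumptions made so the example runs offline.

```php
<?php
// Added example, not code from the thread. User name and password are constructed.

// 1) Why the original query matched no rows: inside a double-quoted PHP string
//    only variables are interpolated, so md5(...) is never executed by PHP
//    and MySQL sees it as part of a quoted string literal.
$password = 'hunter2';
$broken = "password='md5($password)'";  // literal text md5(hunter2) inside quotes
$fixed  = "password=MD5('$password')";  // MD5() evaluated by MySQL (fix from the reply)

// 2) Hardened variant (assumption: PDO with the pdo_sqlite extension available).
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (userName TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Store a salted, slow hash rather than a bare MD5 digest.
    $ins = $db->prepare('INSERT INTO users (userName, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('hunter2', PASSWORD_DEFAULT)]);
    return $db;
}

function checkLogin(PDO $db, string $userName, string $password): bool
{
    // Bound parameter: the user name is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE userName = ?');
    $stmt->execute([$userName]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    // The comparison happens in PHP, not in the WHERE clause.
    return is_string($hash) && password_verify($password, $hash);
}

$db = makeDb();
var_dump($broken);
var_dump($fixed);
var_dump(checkLogin($db, 'alice', 'hunter2'));          // correct credentials
var_dump(checkLogin($db, 'alice', 'wrong'));            // wrong password
var_dump(checkLogin($db, "x' OR '1'='1", 'hunter2'));   // quote characters stay data
```
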
Theory?
Forum Contributor
Posts: 138
Joined: Wed Apr 11, 2007 10:43 am

Re: Gonna kick myself when I figure this out

Post by Theory? »

God dammit. Thank you so much, I was beating myself to death over that. I knew it was retarded.