Help with setting up an authorization system

Posted: Thu Apr 23, 2009 12:36 pm
by Ciaran1987
Hi guys

I'm trying to set up a system where a user enters their username and password and then tries to log in depending on whether their details match up, using a MySQL DB.

Password.html

Code:

<form method="post" action="insert.php">
 
Full Name: (Example: Michael R Maguire) <br />
 
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
 
<br />
<br />
 
User Name: <br />
 
<input type="text" name="sha_pw" size="20" maxlength="20"/> (20 Characters Max)
 
<br />
<br />
 
<input type="submit" value="Create User" />
 
</form>
 
Insert.php

Code:

<?php
$user_name = $_POST['user_name'];
$SHA_PW = $_POST['sha_pw'];
 
 
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
 
 
if(empty($user_name) || empty($sha_pw)) {
echo "<h2>Please fill in all fields</h2>\n";
echo "Please use the back button in your browsers and fill in all required fields.\n";
die ();
}
 
 
 
$sql="insert into teamtutorials_test  (`User_ID` , `user_name` , `sha_pw`)  values ('NULL','$user_name','sha1($sha_pw)')";
mysql_query($sql) or die (mysql_error()." $sql");
 
 
 
?>

login.html

Code:

<form method="post" action="session.php">
 
Full Name: (Example: Michael R Maguire) <br />
 
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
 
<br />
<br />
 
User Name: <br />
 
<input type="text" name="password" size="20" maxlength="20"/>
 
<br />
<br />
 
<input type="submit" value="Create User" />
 
</form>
 
session.php

Code:

<?php
 
session_start();
 
if (isset($_POST['user_name']) && isset($_POST['password']))
{
$user_name = $_POST['user_name'];
$password = $_POST['password'];
 
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
 
$sql = mysql_query("select count(*) from teamtutorials_test
where user_name = '$user_name' and sha_pw = sha1('$password')") or die(mysql_error());
 
$results = mysql_result($sql, 0);
 
if ($results == 0){
header( 'Location:http://www.yahoo.com');
}
else
{
$_SESSION['valid_user'] = $user_name;
header( 'Location:http://www.google.ie');
}
}
?>
 
The problem that I am having is that any name and pass the user enters brings them to yahoo.com (meaning that it has failed?)

Any advice would be much appreciated

Re: Help with setting up an authorization system

Posted: Thu Apr 23, 2009 2:01 pm
by Ciaran1987
I've echoed the query string, and when I enter the username: Ciaran and pass: password, it returns

user_Name: CiaranPassword: password user_Name: ciaranSha Password: 4c0dffd9ee85b2520acaa4a2b2722450d583b30e

But when I look at what is entered in my DB through phpMyAdmin, it is as I entered. There's something obviously going wrong somewhere.

Re: Help with setting up an authorization system

Posted: Fri Apr 24, 2009 11:28 am
by Ciaran1987
I have decided to replace the sha1/sha_pw etc. with "password" so I don't have many different names; hopefully this will make it easier for someone to spot my mistake? Many thanks

Code:

<form method="post" action="insert.php">
 
Full Name: (Example: Michael R Maguire) <br />
 
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
 
<br />
<br />
 
User Name: <br />
 
<input type="text" name="password" size="20" maxlength="20"/> (20 Characters Max)
 
<br />
<br />
 
<input type="submit" value="Create User" />
 
</form>
 

Code:

<?php
$user_name = $_POST['user_name'];
$password = $_POST['password'];
 
 
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
 
 
if(empty($user_name) || empty($password)) {
echo "<h2>Please fill in all fields</h2>\n";
echo "Please use the back button in your browsers and fill in all required fields.\n";
die ();
}
 
 
 
$sql="insert into teamtutorials_test  (`User_ID` , `user_name` , `password`)  values ('NULL','$user_name','$password')";
mysql_query($sql) or die (mysql_error()." $sql");
 
echo "user_name: $user_name";
 
echo "Password: ".($password);
 
?>
 
 
 

Code:

<form method="post" action="session.php">
 
Full Name: (Example: Michael R Maguire) <br />
 
<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)
 
<br />
<br />
 
User Name: <br />
 
<input type="text" name="password" size="20" maxlength="20"/>
 
<br />
<br />
 
<input type="submit" value="Create User" />
 
</form>
 

Code:

<?php
 
session_start();
 
if (isset($_POST['user_name']) && isset($_POST['password']))
{
$user_name = $_POST['user_name'];
$password = $_POST['password'];
 
$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);
 
$sql = mysql_query("select * from teamtutorials_test
where user_name = '$user_name' and password = '$password'") or die(mysql_error());
 
$results = mysql_result($sql, 0);
 
if ($results == 0){
header( 'Location:http://www.yahoo.com');
}
else
{
$_SESSION['valid_user'] = $user_name;
header( 'Location:http://www.google.ie');
}
}
?>
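
Added example, not part of the original posts: the same register/login flow with bound parameters instead of `$_POST` values pasted into the SQL string, and with the password hashed and checked in PHP (`password_hash` / `password_verify`) rather than inside the query. It assumes PDO with an in-memory SQLite database standing in for the MySQL server; the table `users` and the function names are hypothetical.

```php
<?php
// Added example (not the poster's code). Assumptions: PDO with an in-memory
// SQLite database stands in for the thread's MySQL server; the table name
// `users` and the function names below are hypothetical.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        user_id   INTEGER PRIMARY KEY AUTOINCREMENT,
        user_name TEXT NOT NULL UNIQUE,
        pw_hash   TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $user_name, string $password): bool {
    if ($user_name === '' || $password === '') {
        return false;                        // the "fill in all fields" check
    }
    // Hash once, in PHP, with a salted adaptive algorithm.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text; the auto-increment
    // id column is simply omitted instead of being sent as a quoted 'NULL'.
    $stmt = $db->prepare('INSERT INTO users (user_name, pw_hash) VALUES (?, ?)');
    return $stmt->execute([$user_name, $hash]);
}

function check_login(PDO $db, string $user_name, string $password): bool {
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE user_name = ?');
    $stmt->execute([$user_name]);
    $hash = $stmt->fetchColumn();            // false when no such user exists
    // password_verify re-derives the hash from the salt stored inside $hash.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data.
$db = open_db();
register_user($db, 'Ciaran', 'password');
register_user($db, "O'Brien", 'hunter22');   // apostrophe is stored as plain data
var_dump(check_login($db, 'Ciaran', 'password'));
var_dump(check_login($db, 'Ciaran', 'wrong'));
var_dump(check_login($db, "O'Brien", 'hunter22'));
```

In a real session.php, call `session_regenerate_id(true)` before setting `$_SESSION['valid_user']` on success, and `exit` after each `header('Location: ...')` so nothing else runs after the redirect.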