why password is not matching

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

why password is not matching

Post by rami »

i have in database
Field Type Collation Attributes Null Default
tusername varchar(30) latin1_swedish_ci Yes NULL
password varchar(15) latin1_swedish_ci Yes NULL

according to mysqladmin

i have code as

Code: Select all

<?php 
ob_start(); 

$page_title = 'Login'; 
if (isset($_POST['submit'])) { 
require_once('../mysql_connect1.php'); 
    
   if (empty($_POST['tusername'])) { // 
        

$u = FALSE; 
      echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>'; 
   } else { 
   $u =escape_data($_POST['tusername']); 
   } 
    
    

if (empty($_POST['password'])) { 
      $p = FALSE; 
      echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>'; 
   } else { 
        

$p = escape_data($_POST['password']); 
   } 
    
   if ($u && $p) { 
    
$query = "SELECT teach_id,tusername FROM teachers WHERE tusername='$u' AND 

password=PASSWORD('$p')";  
   $result = @mysql_query ($query); 
      $row = mysql_fetch_array ($result); 
        
      if ($row) { 
              
        session_start();      
$_SESSION['tname'] = $row[1]; 
            $_SESSION['teach_id'] = $row[0]; 
        

   ob_end_clean(); 
            header ("Location: 

http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/disteachers.php?uid=".$row['teach_

id']."");            exit(); 
              
      } else { 

// No match was made. 
         echo '<p><font color="red" size="+1">The username and password entered do not match 

those on file.</font></p>'; 
      } 
        
        

mysql_close(); // Close the database connection. 
        
   } else { // If everything wasn't OK. 
      echo '<p><font color="red" size="+1">Please try again.</font></p>';        
   } 
    
} // End of SUBMIT conditional. 
?> 

<center><h1>Login</h1> </center>
<table border="1" width="100%" bordercolor="#0000FF" bordercolorlight="#0000FF" 

bordercolordark="#0000FF" cellpadding="3">
  <tr>
    <td width="100%">
      <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
        
        <p align="center">&nbsp;&nbsp;&nbsp;&nbsp; <b>Add&nbsp; Students</b></p>
        <table border="0" width="100%" bgcolor="#EFEFEF" cellspacing="1" cellpadding="3">
          <tr>
            <td width="100%" colspan="2" bgcolor="#00659C">
              <p align="center"><b>&nbsp;<font color="#FFFFFF">Teacher's Login</font></b></td>
          </tr>
          <tr>
            <td width="59%"><b>UserName </b></td>
            <td width="41%"><input type="text" name="tusername" size="10" 

maxlength="20" value="<?php if (isset($_POST['tusername'])) echo $_POST['tusername']; ?>" /></td>
          </tr>
          <td width="59%"><b>Password</b></td>
            <td width="41%"><input type="password" name="password" size="20" maxlength="20" 

/></td>
          </tr>
          
        </table>
        <p><div align="center"><input type="submit" name="submit" value="Login" /></div> </p>
      </form>
    </td>
  </tr>
</table>
the problem is even if i give correct username and password it always says..
The username and password entered do not match those on file.

whats the matter
other login are running well....in another tables...(ie students)
please help
rami
pilau
Forum Regular
Posts: 594
Joined: Sat Jul 09, 2005 10:22 am
Location: Israel

Post by pilau »

Try using mysql_fetch_assoc() instead of mysql_fetch_array().
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you are using MySQL's built-in password system?
ryanlwh
Forum Commoner
Posts: 84
Joined: Wed Sep 14, 2005 1:29 pm

Post by ryanlwh »

i believe password has to be varchar(16) for PASSWORD to work, because that function returns a hash string of length 16. Maybe substring of PASSWORD('$p') would work.

Code: Select all

AND password=LEFT(PASSWORD('$p'),15)
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

Post by rami »

ryanlwh wrote:i believe password has to be varchar(16) for PASSWORD to work, because that function returns a hash string of length 16. Maybe substring of PASSWORD('$p') would work.

Code: Select all

AND password=LEFT(PASSWORD('$p'),15)
ya this sounds sensible ...
now i remember why most of tutorials ,books do
password varchar(16) not null...
i will try it....
in my another page it same 16 so its working fine....
rami
thanks for help
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

MySQL recommends to not user their internal PASSWORD() function for anything but MySQL user rights. It's suggested you use MD5, SHA1, or some other uniform hashing system.
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

Post by rami »

feyd wrote:MySQL recommends to not user their internal PASSWORD() function for anything but MySQL user rights. It's suggested you use MD5, SHA1, or some other uniform hashing system.
thanks mr fyed for the suggestion ...
the word "MySQL recommends ..." sums thing some what for me now means they totally dont forbid it...
as i am new to php and mysql ,i dont know much about these things ....
may be i will also try to adopt all the rules principles some day if i get master in the coding like you ...
for now i am experimenting ...
so i think not too bad...to use it...
thanks for letting me know it...
rami
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the reason they recommend not using it is because it's implementation changes between certain versions of the database.
Post Reply