Page 1 of 1

why password is not matching

Posted: Fri Sep 30, 2005 5:57 am
by rami
i have in database
Field Type Collation Attributes Null Default
tusername varchar(30) latin1_swedish_ci Yes NULL
password varchar(15) latin1_swedish_ci Yes NULL

according to mysqladmin

i have code as

Code: Select all

<?php 
ob_start(); 

$page_title = 'Login'; 
if (isset($_POST['submit'])) { 
require_once('../mysql_connect1.php'); 
    
   if (empty($_POST['tusername'])) { // 
        

$u = FALSE; 
      echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>'; 
   } else { 
   $u =escape_data($_POST['tusername']); 
   } 
    
    

if (empty($_POST['password'])) { 
      $p = FALSE; 
      echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>'; 
   } else { 
        

$p = escape_data($_POST['password']); 
   } 
    
   if ($u && $p) { 
    
$query = "SELECT teach_id,tusername FROM teachers WHERE tusername='$u' AND 

password=PASSWORD('$p')";  
   $result = @mysql_query ($query); 
      $row = mysql_fetch_array ($result); 
        
      if ($row) { 
              
        session_start();      
$_SESSION['tname'] = $row[1]; 
            $_SESSION['teach_id'] = $row[0]; 
        

   ob_end_clean(); 
            header ("Location: 

http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/disteachers.php?uid=".$row['teach_

id']."");            exit(); 
              
      } else { 

// No match was made. 
         echo '<p><font color="red" size="+1">The username and password entered do not match 

those on file.</font></p>'; 
      } 
        
        

mysql_close(); // Close the database connection. 
        
   } else { // If everything wasn't OK. 
      echo '<p><font color="red" size="+1">Please try again.</font></p>';        
   } 
    
} // End of SUBMIT conditional. 
?> 

<center><h1>Login</h1> </center>
<table border="1" width="100%" bordercolor="#0000FF" bordercolorlight="#0000FF" 

bordercolordark="#0000FF" cellpadding="3">
  <tr>
    <td width="100%">
      <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
        
        <p align="center">&nbsp;&nbsp;&nbsp;&nbsp; <b>Add&nbsp; Students</b></p>
        <table border="0" width="100%" bgcolor="#EFEFEF" cellspacing="1" cellpadding="3">
          <tr>
            <td width="100%" colspan="2" bgcolor="#00659C">
              <p align="center"><b>&nbsp;<font color="#FFFFFF">Teacher's Login</font></b></td>
          </tr>
          <tr>
            <td width="59%"><b>UserName </b></td>
            <td width="41%"><input type="text" name="tusername" size="10" 

maxlength="20" value="<?php if (isset($_POST['tusername'])) echo $_POST['tusername']; ?>" /></td>
          </tr>
          <td width="59%"><b>Password</b></td>
            <td width="41%"><input type="password" name="password" size="20" maxlength="20" 

/></td>
          </tr>
          
        </table>
        <p><div align="center"><input type="submit" name="submit" value="Login" /></div> </p>
      </form>
    </td>
  </tr>
</table>
the problem is even if i give correct username and password it always says..
The username and password entered do not match those on file.

whats the matter
other login are running well....in another tables...(ie students)
please help
rami

Posted: Fri Sep 30, 2005 6:48 am
by pilau
Try using mysql_fetch_assoc() instead of mysql_fetch_array().

Posted: Fri Sep 30, 2005 8:05 am
by feyd
you are using MySQL's built-in password system?

Posted: Fri Sep 30, 2005 6:29 pm
by ryanlwh
i believe password has to be varchar(16) for PASSWORD to work, because that function returns a hash string of length 16. Maybe substring of PASSWORD('$p') would work.

Code: Select all

AND password=LEFT(PASSWORD('$p'),15)

Posted: Sat Oct 01, 2005 8:04 am
by rami
ryanlwh wrote:i believe password has to be varchar(16) for PASSWORD to work, because that function returns a hash string of length 16. Maybe substring of PASSWORD('$p') would work.

Code: Select all

AND password=LEFT(PASSWORD('$p'),15)
ya this sounds sensible ...
now i remember why most of tutorials ,books do
password varchar(16) not null...
i will try it....
in my another page it same 16 so its working fine....
rami
thanks for help

Posted: Sat Oct 01, 2005 8:09 am
by feyd
MySQL recommends to not user their internal PASSWORD() function for anything but MySQL user rights. It's suggested you use MD5, SHA1, or some other uniform hashing system.

Posted: Sat Oct 01, 2005 8:31 am
by rami
feyd wrote:MySQL recommends to not user their internal PASSWORD() function for anything but MySQL user rights. It's suggested you use MD5, SHA1, or some other uniform hashing system.
thanks mr fyed for the suggestion ...
the word "MySQL recommends ..." sums thing some what for me now means they totally dont forbid it...
as i am new to php and mysql ,i dont know much about these things ....
may be i will also try to adopt all the rules principles some day if i get master in the coding like you ...
for now i am experimenting ...
so i think not too bad...to use it...
thanks for letting me know it...
rami

Posted: Sat Oct 01, 2005 8:39 am
by feyd
the reason they recommend not using it is because it's implementation changes between certain versions of the database.