SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help needed with setting up PHP login script

    Hi All,

    On my login page, for some reason the login file will not recognize the correct login number as supplied by the admin file as it should. It continually says login failed, please try again.
    Can anyone see where the code may be going awry. Any help would be appreciated.

    login.php file reads;

    <?php

    session_start();
    $_SESSION["loggedin"] = false;
    require("admin_1.php");

    if ($_REQUEST["submit"]) {
    if ($_REQUEST["username"] == $adminUsername && md5($_REQUEST["password"]."phpCart") == $adminPassword){
    $loggedin = true;
    session_register("loggedin");
    $_SESSION["loggedin"] = true;
    header("Location: index.php");
    exit();
    }
    else
    $errormessage = "Login failed, please try again.<br>\n";
    }
    require("hf.php");
    pageHeader();
    echo $errormessage;
    ?>
    <form action='login.php' method='post'>
    <div align='center'>
    <center>
    <table border='0' cellpadding='0' cellspacing='8' width='55%'>
    <tr>
    <td width='59%'><font size='2' face='Verdana'>Login Username/font></td>
    <td width='41%'><input type='text' name='username' size='20' value='<? echo $_REQUEST["username"]; ?>'></td>
    </tr>
    <tr>
    <td width='59%'><font size='2' face='Verdana'>Password/font></td>
    <td width='41%'><input type='password' name='password' size='20'></td>
    </tr>
    <tr>
    <td width='100%' colspan='2'>
    <p align='center'><input type='submit' name='submit' value='Login'></p>
    </td>
    </tr>
    </table>
    </center>
    </div>
    </form>
    <?
    pageFooter();
    ?>

    admin_1.php file which is called reads;

    <?php
    $adminUsername = "admin";
    $adminPassword = "admin";
    ?>

    Thanks

  2. #2
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    PHP Code:
    md5($_REQUEST["password"]."phpCart") == $adminPassword
    You're comparing a MD5 hash to a plain text password. They don't match

  3. #3
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    16,460
    Mentioned
    160 Post(s)
    Tagged
    1 Thread(s)

    login

    Hi advisual, welcome to the forums,
    I would use POST instead of REQUEST, but I think the problem is probably with this
    PHP Code:
    if ($_REQUEST["username"] == $adminUsername && md5($_REQUEST["password"]."phpCart") == $adminPassword){ 
    Do you really want to md5 the "phpcart" with the "password"?

  4. #4
    American't awestmoreland's Avatar
    Join Date
    Sep 2002
    Location
    Grand Rapids, MI
    Posts
    1,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I agree with all the comments above, and would add that you are comparing the MD5'd value with the ascii value, so the two values are never going to be equal.

    If you removed the ."phpcart" as mentioned above and replaced the password line in admin_1.php with the following, then it will work:

    $adminPassword = "21232f297a57a5a743894a0e4a801fc3";



    Andy
    From the English nation to a US location.

  5. #5
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the help guys.

    As suggested by awestmoreland I changed the admin_1.php file to $adminPassword = "21232f297a57a5a743894a0e4a801fc3"; and I still come up with the same error.

    Also while I appreciate the critique I am new at this so solutions would be greatly appreciated.

    I'm not sure how to correct the MD5 hash.

    Thanks

  6. #6
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    16,460
    Mentioned
    160 Post(s)
    Tagged
    1 Thread(s)

    md5

    Perhaps it would work OK if you changed
    PHP Code:
    $adminPassword "admin"
    to
    PHP Code:
    $adminPassword md5("admin"); 
    and
    PHP Code:
    if ($_REQUEST["username"] == $adminUsername && md5($_REQUEST["password"]."phpCart") == $adminPassword){ 
    to
    PHP Code:
    if ($_REQUEST["username"] == $adminUsername && md5($_REQUEST["password"]) == $adminPassword){ 

  7. #7
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No Luck.

    Still I'm getting the error

  8. #8
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    16,460
    Mentioned
    160 Post(s)
    Tagged
    1 Thread(s)

    bugs

    From the PHP docs
    Request variables: $_REQUEST
    Note: Introduced in 4.1.0. There is no equivalent array in earlier versions.
    I don't imagine this is the problem, but just in case.

  9. #9
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by advisual
    <td width='59%'><font size='2' face='Verdana'>Password/font></td>
    watch out, someone is eating your fonts!

    Seriously, please read read before you post before you post

  10. #10
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sorry, confuses me too much.
    here's a working simple example. use and abuse it as desired:
    PHP Code:
    <?php
     
    $adminUsername 
    'admin';
    $adminPassword md5('admin');
    $loggedin false;
     
    $user = isset($_POST['user']) ? addslashes($_POST['user']) : '';
    $pass = isset($_POST['pass']) ? md5($_POST['pass']) : '';
     
    session_start();
     
    if (isset(
    $_POST['submit']))
    {
        if (
    $user == $adminUsername && $pass == $adminPassword)
        {
            
    $loggedin true;
            
    $_SESSION['user'] = $user;
            
    $_SESSION['pass'] = $pass;
            
    $_SESSION['loggedin'] = $loggedin;
            echo 
    "You are logged in<br>
                 You will be redirected to your appropriate section in 5 seconds."
    ;
            echo 
    '<META HTTP-EQUIV="Refresh" CONTENT="5; URL=index.php">';
        }
        else
        {
            echo 
    "Login failed<br>";
        }
    }
    ?>
     
    <form name="login" method="post" action="login.php">
    <table border="0" align="center" cellpadding="3" cellspacing="3">
        <tr>
         <td>Username:</font></td>
         <td><input type="text" size="10" name="user"></td>
         <td>Password:</font></td>
         <td><input type="password" size="10" name="pass"></td>
         <td><input type="submit" name="submit" value="Login"></td>
        </tr>
    </table>
    </form>
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg.Division is futile.Prepare to be approximated.

  11. #11
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Frezno,

    Thanks 1000 times. You tweak absolutely worked.

    For my education purposes could you explain what you did and why mine was wrong.

    Thanks again,

    George


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •