  1. #1
    SitePoint Zealot kozata-xakep's Avatar

    PHP login system problem

    Hi everyone,

    I'm experiencing a problem using my login system. The following is my login.php. I'm stuck on the last IF. I'm getting the message for a wrong password (it's not). Tried with other accounts but same.

    PHP Code:
    <?php
    include('include_fns.php');
    if ( (!isset($_POST['username'])) || (!isset($_POST['password'])) ) {
      print 'You must enter your username and password to proceed';
      exit;
    }
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (login($username, $password)) {
      $_SESSION['auth_user'] = $username;
      header('Location: '.$_SERVER['HTTP_REFERER']);
    }
    else {
      print 'The password you entered is incorrect';
      exit;
    }
    ?>

  2. #2
    play of mind Ernie1's Avatar
    PHP Code:
    // start the session
    session_start();

    // assume you have a function like this:

    function login( $u, $p )
    {
        $query = mysql_query( "SELECT username FROM users WHERE username = '$u' AND password = '$p'" ) or
            die( mysql_error() );
        if ( mysql_num_rows($query) )
        {
            return true;
        }
        return false;
    }
    if ( (! isset($_POST['username'])) || (! isset($_POST['password'])) )
    {
        print 'You must enter your username and password to proceed';
        exit;
    }
    $username = $_POST['username'];
    $password = $_POST['password'];

    if ( login($username, $password) )
    {
        $_SESSION['auth'] = 1;
        $_SESSION['auth_user'] = $username;

        // The address of the page (if any) which referred the user agent to the current page. This is set by
        // the user agent. Not all user agents will set this, and some provide the ability
        // to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

        header( 'Location: ' . @$_SERVER['HTTP_REFERER'] );
    }
    else
    {
        $_SESSION['auth'] = false;
        $_SESSION['auth_user'] = false;
        session_destroy();

        print 'The password you entered is incorrect';
        exit;
    }

    my mobile portal
    ghiris.ro
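
The code comment in the post above notes that HTTP_REFERER is set by the client and cannot be trusted. One way to choose the post-login redirect without trusting it, as an added example that is not part of the original post; the function name `safe_redirect_target`, the host `cms.example` and the fallback path are assumptions:

```php
<?php
// Added example: pick the post-login redirect target without trusting the
// client-supplied Referer header. Host and paths are illustrative assumptions.

function safe_redirect_target(?string $candidate, string $ownHost, string $fallback = '/stories.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $fallback;                 // many user agents send no Referer at all
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $candidate)) {
        return $fallback;                 // control characters never belong in a header value
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }
    if (isset($parts['host'])) {
        // Absolute or scheme-relative URL: accept only http(s) on our own host.
        $scheme = strtolower($parts['scheme'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true)
            || strcasecmp($parts['host'], $ownHost) !== 0) {
            return $fallback;
        }
    } elseif (isset($parts['scheme'])) {
        return $fallback;                 // a scheme without a host is not a page on this site
    }
    $path = $parts['path'] ?? '/';
    // Only a rooted local path is acceptable; a second "/" or "\" right after
    // the first would be read by browsers as another host.
    if ($path === '' || $path[0] !== '/'
        || (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\'))) {
        return $fallback;
    }
    if ($path === '/login.php') {
        return $fallback;                 // do not bounce back to the login form
    }
    // Re-emit path and query only, so the result is always a local URL.
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Constructed sample values for the Referer header.
$samples = [
    null,
    'https://cms.example/stories.php?id=7',
    'https://other.example/stories.php',
    '/login.php',
];
foreach ($samples as $referer) {
    printf("%-40s -> %s\n", var_export($referer, true), safe_redirect_target($referer, 'cms.example'));
}
```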

  3. #3
    SitePoint Zealot kozata-xakep's Avatar
    I think it's not different than mine. The query you posted before the check is located in an include file.

  4. #4
    play of mind Ernie1's Avatar
    Maybe the password is md5 hash in the table.

  5. #5
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Why don't you post your function to be more clear? It would be easier to say if something is wrong inside the function, especially in the return statement.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  6. #6
    SitePoint Zealot kozata-xakep's Avatar
    Here's the way I use it. The user opens stories.php and, if not logged in, is redirected to login.php; there I got a problem with the log. My password is 100% correct but it still prints me the message "The password you entered is not correct".

    db_fns.php
    PHP Code:
    <?php
    function db_connect()
    {
       $result = @mysql_pconnect('*****', '******', '******');
       if (!$result)
          return false;
       if (!@mysql_select_db('******'))
          return false;
       return $result;
    }
    function get_writer_record($username)
    {
      $conn = db_connect();
      $sql = "select * from writers where username = '$username'";
      $result = mysql_query($sql, $conn);
      return(mysql_fetch_array($result));
    }
    function get_story_record($story)
    {
      $conn = db_connect();
      $sql = "select * from stories where id = '$story'";
      $result = mysql_query($sql, $conn);
      return(mysql_fetch_array($result));
    }
    ?>
    select_fns.php
    PHP Code:
    <?php
    function query_select($name, $query, $default='')
    {
      $conn = db_connect();
      $result = mysql_query($query, $conn);
      if (!$result)
        return(0);
      $select  = "<SELECT NAME=\"$name\">";
      $select .= "<OPTION VALUE=\"\">-- Choose --</OPTION>";
      for ($i=0; $i < mysql_numrows($result); $i++) {
        $opt_code = mysql_result($result, $i, 0);
        $opt_desc = mysql_result($result, $i, 1);
        $select .= "<OPTION VALUE=\"$opt_code\"";
        if ($opt_code == $default) {
          $select .= ' SELECTED';
        }
        $select .=  ">[$opt_code] $opt_desc</OPTION>";
      }
      $select .= "</SELECT>\n";
      return($select);
    }
    user_auth_fns.php
    PHP Code:
    <?php
    function login($username, $password)
    // check username and password with db
    // if yes, return true
    // else return false
    {
      // connect to db
      $conn = db_connect();
      if (!$conn)
        return 0;
      $result = mysql_query("select * from writers
                             where username='$username'
                             and password = password('$password')");
      if (!$result)
         return 0;

      if (mysql_num_rows($result)>0)
         return 1;
      else
         return 0;
    }
    function check_auth_user()
    // see if somebody is logged in and notify them if not
    {
      if (isset($_SESSION['auth_user']))
        return true;
      else
        return false;
    }
    ?>
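
The `login()` above builds its SQL by interpolating `$username` and `$password`, and it relies on MySQL's `PASSWORD()`, which MySQL documents as intended for the server's own accounts and which no longer exists in MySQL 8.0. A version using a prepared statement and PHP's `password_hash()`, as an added example that is not the poster's code; PDO with in-memory SQLite, `make_demo_db()`, `DUMMY_HASH` and the sample account are assumptions made so that it runs stand-alone:

```php
<?php
// Added example: login() rewritten with a parameterised query and
// password_hash()/password_verify(). In-memory SQLite and the sample
// account are constructed so the script runs stand-alone.

// Hash to verify against when the user does not exist, so both paths do one
// verification.
define('DUMMY_HASH', password_hash('no-such-user', PASSWORD_DEFAULT));

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // 255 characters leaves room for any current password_hash() output.
    $pdo->exec('CREATE TABLE writers (
                    username VARCHAR(16)  PRIMARY KEY,
                    password VARCHAR(255) NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO writers (username, password) VALUES (?, ?)');
    $ins->execute(['demo-writer', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps the submitted username out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM writers WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed login attempts: right password, wrong password, and an
// unknown user whose name contains a quote character.
$pdo = make_demo_db();
foreach ([['demo-writer', 'correct horse'],
          ['demo-writer', 'wrong guess'],
          ["o'neil", 'anything']] as [$user, $pass]) {
    printf("%-12s %-14s %s\n", $user, $pass, login($pdo, $user, $pass) ? 'ok' : 'rejected');
}
```

After a successful login, call `session_regenerate_id(true)` before setting `$_SESSION['auth_user']` so the authenticated session does not keep the pre-login session ID.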

  7. #7
    play of mind Ernie1's Avatar
    PHP Code:
    // db_fns.php

    function db_connect()
    {
        $result = mysql_pconnect( '*****', '*****', '*****' );
        if ( ! $result )
            return false;
        if ( ! mysql_select_db('*****') )
            return false;
        return $result;
    }

    function get_writer_record( $username )
    {
        $conn = db_connect();
        $sql = "select * from writers where username = '$username'";
        $result = mysql_query( $sql, $conn );
        return mysql_fetch_array($result);
    }

    function get_story_record( $story )
    {
        $conn = db_connect();
        $sql = "select * from stories where id = '$story'";
        $result = mysql_query( $sql, $conn );
        return mysql_fetch_array($result);
    }

    // select_fns.php

    function query_select( $name, $query, $default = '' )
    {
        $conn = db_connect();

        $result = mysql_query( $query, $conn );

        if ( ! $result )
            return 0;

        $select = "<select name=\"$name\">";
        $select .= "<option value=\"\">-- choose --</option>";

        for ( $i = 0; $i < mysql_numrows($result); $i++ )
        {
            $opt_code = mysql_result( $result, $i, 0 );
            $opt_desc = mysql_result( $result, $i, 1 );

            $select .= "<option value=\"$opt_code\"";
            if ( $opt_code == $default )
            {
                $select .= ' selected';
            }
            $select .= ">[$opt_code] $opt_desc</option>";
        }
        $select .= "</select>\n";
        return $select;
    }

    // user_auth_fns.php

    function login( $username, $password )
    {
        $conn = db_connect();

        if ( ! $conn )
            return 0;
        $result = mysql_query( "select username
                                     , password
                                  from writers
                                 where username='$username'
                                   and password=password('$password')" ) or die( mysql_error() );
        if ( ! $result )
            return 0;
        if ( mysql_num_rows($result) > 0 )
            return 1;
        else
            return 0;
    }

    function check_auth_user()
    {
        if ( isset($_SESSION['auth_user']) )
            return true;
        else
            return false;
    }

    // login_process.php

    ini_set( "display_errors", 1 );
    error_reporting( E_ALL );

    session_start();

    require_once ( 'db_fns.php' );
    require_once ( 'user_auth_fns.php' );

    if ( (! isset($_POST['username'])) || (! isset($_POST['password'])) )
    {
        print 'You must enter your username and password to proceed';
        exit;
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    if ( login($username, $password) )
    {
        $_SESSION['auth_user'] = $username;

        header( 'Location: ' . $_SERVER['HTTP_REFERER'] );
    }
    else
    {
        print 'The password you entered is incorrect';
        exit;
    }

    Last edited by Ernie1; Sep 11, 2008 at 03:04. Reason: added session start to login_process.php

  8. #8
    SitePoint Zealot kozata-xakep's Avatar
    Still same. Can't login.

  9. #9
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Are you sure that your password is saved as encrypted with mysql's PASSWORD while inserting into database? Try to run the query outside of PHP in some mysql client software and see whether it is returning value.

  10. #10
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    run some debugging - echo out various parts:
    PHP Code:
    function login($username, $password)
    // check username and password with db
    // if yes, return true
    // else return false
    {
      // connect to db
      $conn = db_connect();
      if (!$conn)
        return 0;
      $sql = "
          select
              *
        from
            writers
        where
            username='$username'
        and
            password = password('$password')";

      $result = mysql_query($sql) or die(mysql_error());

      /* debug */
      echo $sql;

      if (!$result) {
        /* debug */
        echo 'No $result';
        return 0;
      }

      $numRows = mysql_num_rows($result);

      if ($numRows > 0) {
         /* debug */
         echo $numRows;
         return 1;
      } else {
         return 0;
      }
    }
         

    find where the fail is.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  11. #11
    play of mind Ernie1's Avatar
    check now with session_start on top of login_process.php

  12. #12
    SitePoint Zealot kozata-xakep's Avatar
    Quote Originally Posted by rajug
    Are you sure that your password is saved as encrypted with mysql's PASSWORD while inserting into database? Try to run the query outside of PHP in some mysql client software and see whether it is returning value.
    Yes, it's encrypted. I've checked through phpMyAdmin.

  13. #13
    SitePoint Zealot kozata-xakep's Avatar
    @spikez
    Uploaded the debug.
    I'm getting the $sql now followed again with Incorrect passw
    Code:
     
    select * from writers where username='*****' and password = password('*******')The password you entered is incorrect

  14. #14
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    and is the username and password in the query right?

  15. #15
    SitePoint Zealot kozata-xakep's Avatar
    yes.

  16. #16
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Try like this once:
    PHP Code:
    function login($username, $password){
        $conn = db_connect();
        if (!$conn){
            return '';
        }
        $sql = "SELECT
                    *
                FROM
                    writers
                WHERE
                    username='" . $username . "'
                    AND password=PASSWORD('" . $password . "')";
        $result = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($result) >= 1){
            return true;
        }
        else{
            return false;
        }
    }

    Edit:
    BTW, did you try to run the query outside PHP once?

  17. #17
    SitePoint Zealot kozata-xakep's Avatar
    If you want I can package the CMS (20 small files) and you can see for yourself?

  18. #18
    SitePoint Zealot kozata-xakep's Avatar
    Still same, Rajug.

    Try to run the query outside of PHP in some mysql client software and see whether it is returning value.
    Can you give more information on how to do that? (I'm a beginner in PHP so that sounds to me a bit non understandable)

  19. #19
    SitePoint Zealot kozata-xakep's Avatar
    Okay, I've run a query in my phpMyAdmin
    Code:
    SELECT * FROM `writers` WHERE `username` = 'kozata-xakep';
    That showed me the following screenshot

  20. #20
    play of mind Ernie1's Avatar
    check if the password field type in writers is char(41)

  21. #21
    SitePoint Zealot kozata-xakep's Avatar
    Quote Originally Posted by Ernie1
    check if the password field type in writers is char(41)
    It's varchar(16). Should I change it?

  22. #22
    play of mind Ernie1's Avatar
    Yes, that was the problem.

  23. #23
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Quote Originally Posted by kozata-xakep
    It's varchar(16). Should I change it?
    Yes, make it at least varchar(41); better to make it more than this.

  24. #24
    SitePoint Zealot kozata-xakep's Avatar
    Changed to varchar(41). Now what?
    Should I run the db_sql again?

  25. #25
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    ^ yes
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....
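
The cause found in posts #20 to #25, a 41-character `PASSWORD()` hash stored in a `varchar(16)` column, reproduced as an added example that is not code from the thread. It assumes the MySQL 4.1+ hash format (`*` followed by 40 hex digits) and a server in non-strict mode, which cuts over-long strings to the column width; the helper names and the sample password are constructed:

```php
<?php
// Added example: why a 41-character PASSWORD() hash can never match once it
// has been stored in a 16-character column. All values are constructed.

// MySQL 4.1+ PASSWORD(): '*' followed by the uppercase hex of SHA1(SHA1(plain)).
function mysql41_password(string $plain): string
{
    return '*' . strtoupper(sha1(sha1($plain, true)));
}

// Non-strict MySQL cuts an over-long string to the column width on INSERT.
function store_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// The comparison the thread's query performs: password = password('$password').
function row_matches(string $stored, string $plain): bool
{
    return $stored === mysql41_password($plain);
}

// Flag stored values that cannot be complete 4.1+ hashes.
function looks_truncated(string $stored): bool
{
    return !preg_match('/^\*[0-9A-F]{40}$/', $stored);
}

$plain = 'example-password';   // constructed sample
foreach ([16, 41] as $width) {
    $stored = store_in_column(mysql41_password($plain), $width);
    printf("width %2d: stored %2d chars, login %s, truncated: %s\n",
        $width, strlen($stored),
        row_matches($stored, $plain) ? 'succeeds' : 'fails',
        looks_truncated($stored) ? 'yes' : 'no');
}

// Widening the column later does not bring back the characters that were
// cut off: the row written at width 16 has to be written again.
$old = store_in_column(mysql41_password($plain), 16);
$afterAlter = store_in_column($old, 41);
printf("after ALTER only: login %s\n", row_matches($afterAlter, $plain) ? 'succeeds' : 'fails');

$rewritten = store_in_column(mysql41_password($plain), 41);
printf("after re-saving:  login %s\n", row_matches($rewritten, $plain) ? 'succeeds' : 'fails');
```

The same `looks_truncated()` pattern can be run over the existing `writers` rows to find accounts whose stored value has to be saved again after the column is widened.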

