SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Hybrid View

  1. #1
    SitePoint Wizard lukeurtnowski's Avatar
    Join Date
    Mar 2003
    Location
    Coronado
    Posts
    1,582
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Login form not working

    I have a question for my login page,
    http://denverasp.com/php/login.php
    I created a test user
    Email: test@aol.com
    Pass: test
    (You can see that the user is in my database (sp0.png) its encrypted (sp1.png) in the database too)
    But when I try and login (which should forward me to members.php)
    It gives me the message telling me I have the wrong password, but isn't it test in the database?
    Thanks for your help...
    Here's the php code for login.php
    PHP Code:
    <?php
    // Connects to your Database
    include("db_conn_open.php");

    //Checks if there is a login cookie
    if(isset($_COOKIE['ID_my_site']))

    //if there is, it logs you in and directes you to the members page
    {
    $email $_COOKIE['ID_my_site'];
    $pass $_COOKIE['Key_my_site'];
    $check mysql_query("SELECT * FROM Providers WHERE Email = '$email'")or die(mysql_error());
    while(
    $info mysql_fetch_array$check ))
    {
    if (
    $pass != $info['password'])
    {
    }
    else
    {
    header("Location: members.php");

    }
    }
    }

    //if the login form is submitted
    if (isset($_POST['submit'])) { // if form has been submitted

    // makes sure they filled it in
    if(!$_POST['email'] | !$_POST['pass']) {
    die(
    'You did not fill in a required field.');
    }
    // checks it against the database

    if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
    }
    $check mysql_query("SELECT * FROM Providers WHERE Email = '".$_POST['email']."'")or die(mysql_error());

    //Gives error if user dosen't exist
    $check2 mysql_num_rows($check);
    if (
    $check2 == 0) {
    die(
    'That user does not exist in our database. <a href=become_a_provider.php>Click Here to become a provider</a>');
    }
    while(
    $info mysql_fetch_array$check ))
    {
    $_POST['pass'] = stripslashes($_POST['pass']);
    $info['password'] = stripslashes($info['password']);
    $_POST['pass'] = md5($_POST['pass']);

    //gives error if the password is wrong
    if ($_POST['pass'] != $info['password']) {
    die(
    'Incorrect password, please try again.');
    }else
    {

    // if login is ok then we add a cookie
    $_POST['email'] = stripslashes($_POST['email']);
    $hour time() + 3600;
    setcookie(ID_my_site$_POST['email'], $hour);
    setcookie(Key_my_site$_POST['pass'], $hour);

    //then redirect them to the members area
    header("Location: members.php");
    }
    }
    }
    else
    {

    // if they are not logged in
    ?>
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr><td colspan=2><h1>Login</h1></td></tr>
    <tr><td>Email:</td><td>
    <input type="text" name="email" maxlength="40">
    </td></tr>
    <tr><td>Password:</td><td>
    <input type="password" name="pass" maxlength="50">
    </td></tr>
    <tr><td colspan="2" align="right">
    <input type="submit" name="submit" value="Login">
    </td></tr>
    </table>
    </form>
    <?php
    }
    ?>
    Attached Images Attached Images
    "Oh, and Jenkins--apparently your mother died this morning."

  2. #2
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Though i cannot see your attached images they are yet to approved, the code itself seems to be fine. Are you sure encryption is same md5() in db to?? I think you do not have to strip the slashes from the md5ed string and that is brought from the database. Try echoing both the passwords (retrieved from db and entered md5ed) and compare if they are really same.

    And one more thing, do not forget to terminate (die() or exit()) the script just after header() specially when you are using for redirection so that rest of the script does not get executed.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  3. #3
    SitePoint Wizard lukeurtnowski's Avatar
    Join Date
    Mar 2003
    Location
    Coronado
    Posts
    1,582
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    ya, if you look at the screenshot of the database (phpmyadmin), you can see its encrypted with md5()
    I followed, (or tried to)
    http://php.about.com/od/finishedphp1...login_code.htm
    I printed out the array (where email - test@aol.com)
    http://denverasp.com/php/login.php
    That password is test encrypted right?
    "Oh, and Jenkins--apparently your mother died this morning."

  4. #4
    SitePoint Wizard lukeurtnowski's Avatar
    Join Date
    Mar 2003
    Location
    Coronado
    Posts
    1,582
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    But, if I fill out the form, submit it, then print out the POST variables, I notice that the pass variable is not encrypted. Shouldn't it be encrypted?
    "Oh, and Jenkins--apparently your mother died this morning."

  5. #5
    SitePoint Member
    Join Date
    May 2009
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use Md5 or Shah for encryption and you can write your own encryption method

  6. #6
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ahh.. the problme is that your password field does not contain all the 32 md5ed encrypted password there are only 25 characters visible in the column... So i think you should have password field as varchar(32) at least 32 characters.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •