Login form not working

[lukeurtnowski]

I have a question for my login page,
http://denverasp.com/php/login.php
I created a test user
Email: test@aol.com
Pass: test
(You can see that the user is in my database (sp0.png) its encrypted (sp1.png) in the database too)
But when I try and login (which should forward me to members.php)
It gives me the message telling me I have the wrong password, but isn't it test in the database?
Thanks for your help...
Here's the php code for login.php

PHP Code:

<?php
// Connects to your Database
include("db_conn_open.php");

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$email = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM Providers WHERE Email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['email'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM Providers WHERE Email = '".$_POST['email']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=become_a_provider.php>Click Here to become a provider</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}else
{

// if login is ok then we add a cookie
$_POST['email'] = stripslashes($_POST['email']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['email'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{

// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>

[Raju Gautam]

Though i cannot see your attached images they are yet to approved, the code itself seems to be fine. Are you sure encryption is same md5() in db to?? I think you do not have to strip the slashes from the md5ed string and that is brought from the database. Try echoing both the passwords (retrieved from db and entered md5ed) and compare if they are really same.

And one more thing, do not forget to terminate (die() or exit()) the script just after header() specially when you are using for redirection so that rest of the script does not get executed.

[lukeurtnowski]

ya, if you look at the screenshot of the database (phpmyadmin), you can see its encrypted with md5()
I followed, (or tried to)
http://php.about.com/od/finishedphp1...login_code.htm
I printed out the array (where email - test@aol.com)
http://denverasp.com/php/login.php
That password is test encrypted right?

[lukeurtnowski]

But, if I fill out the form, submit it, then print out the POST variables, I notice that the pass variable is not encrypted. Shouldn't it be encrypted?

[zahidraf]

Use Md5 or Shah for encryption and you can write your own encryption method

[Raju Gautam]

Ahh.. the problme is that your password field does not contain all the 32 md5ed encrypted password there are only 25 characters visible in the column... So i think you should have password field as varchar(32) at least 32 characters.