 |  |  |  |  |  |  |  |
login script not checking password
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
Hi i have this login script which works. it will work for passwords that i have directly entered into the database through phpmyadmin but wont login for the passwords that i have entered through the registeration script for which i have used md5. Understandable !
But as soon as i put md5 for the password field(as commented out below) in the loginscript, it takes me straight to the relogin page. As in it wont recognise the incripted passwords i am putting in, i have checked them against my paperwork as i wrote them down thinking i might forget and they are correct ones i am entering.
When i am typing the password it is coming up in plain text instead of *****.
This is part of a project i would really really appreciate any help.
But as soon as i put md5 for the password field(as commented out below) in the loginscript, it takes me straight to the relogin page. As in it wont recognise the incripted passwords i am putting in, i have checked them against my paperwork as i wrote them down thinking i might forget and they are correct ones i am entering.
When i am typing the password it is coming up in plain text instead of *****.
This is part of a project i would really really appreciate any help.
<?php
$host="localhost"; // Host name
$usernamee="*****"; // Mysql username
$passwordd="*****"; // Mysql password
$db_name="sportscentre"; // Database name
$tbl_name="registration"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$usernamee", "$passwordd")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$username=$_POST['username'];
$password = ($_POST['password']);
//$password = md5($_POST['password']);
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql) or die ("Query failed: " . mysql_error());;
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
include 'member_login_success.php';
}
else {
//echo "Wrong Username or Password";
include 'relogin_member.php';
}
?> Last edited by peter_budo; Aug 16th, 2009 at 4:58 am. Reason: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks) and [icode] (inline code) tags.
•
•
Join Date: Apr 2008
Posts: 53
Reputation: 
Solved Threads: 10
Junior Poster in Training
Is the password stored in the database as the md5 hash?
If so, is the field configured to allow all 32 characters of the md5 hash, or is it being truncated?
Also, when you login are you using the actual word or the md5 hash?
if you are typing in the md5 hash directly, then md5 hashing it again will give you a different value.
What do you get if you echo the password to screen after you have done the md5()?
If so, is the field configured to allow all 32 characters of the md5 hash, or is it being truncated?
Also, when you login are you using the actual word or the md5 hash?
if you are typing in the md5 hash directly, then md5 hashing it again will give you a different value.
What do you get if you echo the password to screen after you have done the md5()?
Hi Thanks for replying. Yes the password is stored as md5 & the field takes 32 characters.
When i log in i use the actual word not the md5 hash but it still wont take it. I tried what u said about echo the password, with the md5 it echos the md5 password entered in the form which is also the one in the database. but silly me ;+) has just realised that even though i changed the field to accept 32 chars it is not showing 32 in database so i just going to delete table & make it again. I will c if that works and let u know.
When i log in i use the actual word not the md5 hash but it still wont take it. I tried what u said about echo the password, with the md5 it echos the md5 password entered in the form which is also the one in the database. but silly me ;+) has just realised that even though i changed the field to accept 32 chars it is not showing 32 in database so i just going to delete table & make it again. I will c if that works and let u know.
Hi I made the table again and entered data through the registration form. Now it will let me log in if i use md5 in the login script. Only problem is when i enter the password i can see what i am entering not secure. why is this happening? why are the stars not appearing in place of the characters?
•
•
Join Date: Oct 2006
Posts: 263
Reputation:
Solved Threads: 22
Posting Whiz in Training
The type of field you use in your HTML form should be "password" not "text". ie
<input type="password" name="password"> Last edited by Dukane; Aug 15th, 2009 at 9:29 pm. Reason: fixed code tags
It is very important to read this: http://www.catb.org/~esr/faqs/smart-questions.html
•
•
Join Date: Apr 2009
Posts: 281
Reputation:
Solved Threads: 2
Posting Whiz in Training
Silly. mark as solved.
I must admit that was a silly mistake abt the password but thats
how we learn, I will always remember to check it next time. I just want to say thank you Simon & Dukane your replies really helped, problem solved in seconds.
how we learn, I will always remember to check it next time. I just want to say thank you Simon & Dukane your replies really helped, problem solved in seconds.
|
Similar Threads
- Secure PHP Login Script (PHP)
- very simple login script (checking 2 variables before writing cookie) (PHP)
- login script is not working (PHP)
- Trying to create a login system (PHP)
- login script using sessions (PHP)
Other Threads in the PHP Forum
- Previous Thread: Sum_array on Key
- Next Thread: mysql/php
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
ajax apache api array back basic beginner binary broken cakephp checkbox class cms code computing cron curl database date delete display dynamic echo email error external file files filter folder form forms function functions gc_maxlifetime google host href htaccess html iframe image include insert integration ip java javascript joomla limit link login loop mail memmory memory menu mlm multiple mysql navigation oop parsing paypal pdf php problem query question radio random recursion regex remote script search server sessions sms snippet soap source space sql syntax system table thesishelp trouble tutorial update upload url validation validator variable video web xml youtube
