943,756 Members | Top Members by Rank

Web Development > PHP > login script not checking password
Ad:
  • PHP Discussion Thread
  • Unsolved
  • Views: 1128
  • PHP RSS
Permalink
Aug 14th, 2009
1

login script not checking password

Expand Post »
Hi i have this login script which works. it will work for passwords that i have directly entered into the database through phpmyadmin but wont login for the passwords that i have entered through the registeration script for which i have used md5. Understandable !

But as soon as i put md5 for the password field(as commented out below) in the loginscript, it takes me straight to the relogin page. As in it wont recognise the incripted passwords i am putting in, i have checked them against my paperwork as i wrote them down thinking i might forget and they are correct ones i am entering.

When i am typing the password it is coming up in plain text instead of *****.

This is part of a project i would really really appreciate any help.

<?php
$host="localhost"; // Host name 
$usernamee="*****"; // Mysql username 
$passwordd="*****"; // Mysql password 
$db_name="sportscentre"; // Database name 
$tbl_name="registration"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$usernamee", "$passwordd")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=$_POST['username'];  
$password = ($_POST['password']);

//$password = md5($_POST['password']);

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql) or die ("Query failed: " . mysql_error());;

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

include 'member_login_success.php';
}
else {
//echo "Wrong Username or Password";
include 'relogin_member.php';
}
?>
Last edited by peter_budo; Aug 16th, 2009 at 4:58 am. Reason: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks) and [icode] (inline code) tags.
Similar Threads
Reputation Points: 13
Solved Threads: 0
Newbie Poster
Newbi is offline Offline
12 posts
since Aug 2009
Permalink
Aug 15th, 2009
1

Re: login script not checking password

Is the password stored in the database as the md5 hash?
If so, is the field configured to allow all 32 characters of the md5 hash, or is it being truncated?

Also, when you login are you using the actual word or the md5 hash?
if you are typing in the md5 hash directly, then md5 hashing it again will give you a different value.

What do you get if you echo the password to screen after you have done the md5()?
Reputation Points: 14
Solved Threads: 10
Junior Poster in Training
SimonMayer is offline Offline
53 posts
since Apr 2008
Permalink
Aug 15th, 2009
0

Re: login script not checking password

Hi Thanks for replying. Yes the password is stored as md5 & the field takes 32 characters.
When i log in i use the actual word not the md5 hash but it still wont take it. I tried what u said about echo the password, with the md5 it echos the md5 password entered in the form which is also the one in the database. but silly me ;+) has just realised that even though i changed the field to accept 32 chars it is not showing 32 in database so i just going to delete table & make it again. I will c if that works and let u know.
Reputation Points: 13
Solved Threads: 0
Newbie Poster
Newbi is offline Offline
12 posts
since Aug 2009
Permalink
Aug 15th, 2009
0

Re: login script not checking password

Hi I made the table again and entered data through the registration form. Now it will let me log in if i use md5 in the login script. Only problem is when i enter the password i can see what i am entering not secure. why is this happening? why are the stars not appearing in place of the characters?
Reputation Points: 13
Solved Threads: 0
Newbie Poster
Newbi is offline Offline
12 posts
since Aug 2009
Permalink
Aug 15th, 2009
1

Re: login script not checking password

The type of field you use in your HTML form should be "password" not "text". ie <input type="password" name="password">
Last edited by Dukane; Aug 15th, 2009 at 9:29 pm. Reason: fixed code tags
Reputation Points: 45
Solved Threads: 28
Posting Whiz in Training
Dukane is offline Offline
282 posts
since Oct 2006
Permalink
Aug 15th, 2009
-1

Re: login script not checking password

Silly. mark as solved.
Reputation Points: 15
Solved Threads: 7
Posting Pro in Training
SKANK!!!!! is offline Offline
428 posts
since Apr 2009
Permalink
Aug 16th, 2009
0

Re: login script not checking password [solved]

I must admit that was a silly mistake abt the password but thats
how we learn, I will always remember to check it next time. I just want to say thank you Simon & Dukane your replies really helped, problem solved in seconds.
Reputation Points: 13
Solved Threads: 0
Newbie Poster
Newbi is offline Offline
12 posts
since Aug 2009
Permalink
Aug 16th, 2009
0

Re: login script not checking password

I found what I believe to be an error in your script on line 4 for the mysql password the variable is $passwordd . I'm not sure if that was on purpose or an accident... looks accidental.
Reputation Points: 48
Solved Threads: 11
Posting Pro
tiger86 is offline Offline
540 posts
since Feb 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: Sum_array on Key
Next Thread in PHP Forum Timeline: mysql/php





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC