We're a community of 1077K IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,076,231 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: Whitewater cloud storage gateways
5 Months Ago
0

username password not working right

so here is the line calling the function:

$login = login($username, $password);

        if($login == false)
        {
            $errors[] = 'That username/password combination is incorrect';

        }else
        {
            $_SESSION[user_id] = $login;

            header('Location: anounceEdit.php');
            exit();

and here is the functions code

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

and the function that it calls

function user_id_from_username($username)
{
    $username = sanitize($username);
    $query = mysql_query("SELECT user_id FROM users WHERE userName = '$username'");

    return mysql_result($query, 0, 'user_id');
}

i know that i am entering the corect information i even went an redid it on the server end so that i could make sure and i am still getting:
Array ( [0] => That username/password combination is incorrect )
what am i missing here? been working on this login code for a week now so i definitely need a fresh pair of eyes

3
Contributors
10
Replies
2 Hours
Discussion Span
5 Months Ago
Last Updated
12
Views
Question
Answered
GraficRegret
Junior Poster
176 posts since Nov 2012
Reputation Points: 0
Solved Threads: 2
Skill Endorsements: 0
5 Months Ago
0

One possibility for the cause of the error could be on the return line of the login function (which obviously returns false):

return(mysql_result($query, 0) === 1) ? $user_id : false;

mysql_result() function returns string so you should compare it to 1 (an integer) with == operator. If you want to use === operator then you should compare it to '1' (a string).

So either:

return(mysql_result($query, 0) == 1) ? $user_id : false;

or:

return(mysql_result($query, 0) === '1') ? $user_id : false;

I have not tested this so I do not claim I am 100% right.

broj1
Nearly a Posting Virtuoso
1,211 posts since Jan 2011
Reputation Points: 167
Solved Threads: 164
Skill Endorsements: 13
5 Months Ago
0

nope no change either way

GraficRegret
Junior Poster
176 posts since Nov 2012
Reputation Points: 0
Solved Threads: 2
Skill Endorsements: 0
5 Months Ago
0

the code is working fine its the encryption that is not working properly, can anyone recoments an encryption that works right we were trying to use SHA1

GraficRegret
Junior Poster
176 posts since Nov 2012
Reputation Points: 0
Solved Threads: 2
Skill Endorsements: 0
broj1
Nearly a Posting Virtuoso
1,211 posts since Jan 2011
Reputation Points: 167
Solved Threads: 164
Skill Endorsements: 13
5 Months Ago
0

I am not sure if this is important: sha1() function should be in lowercase. Can you try

$password = sha1($password);
broj1
Nearly a Posting Virtuoso
1,211 posts since Jan 2011
Reputation Points: 167
Solved Threads: 164
Skill Endorsements: 13
5 Months Ago
0

i have had it lower case and it returned the same error

GraficRegret
Junior Poster
176 posts since Nov 2012
Reputation Points: 0
Solved Threads: 2
Skill Endorsements: 0
5 Months Ago
0

Another desperate try: have you tried to echo the query in the login function:

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    // DEBUG
    die($query);

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

Does the query look OK (is user_id correct, is $password actually a hash)? Does the output query work OK in phpmyadmin if you copy it there?

broj1
Nearly a Posting Virtuoso
1,211 posts since Jan 2011
Reputation Points: 167
Solved Threads: 164
Skill Endorsements: 13
5 Months Ago
0

And what does the sanitize function do? Does it work correctly?

broj1
Nearly a Posting Virtuoso
1,211 posts since Jan 2011
Reputation Points: 167
Solved Threads: 164
Skill Endorsements: 13
5 Months Ago
0

yeah i got that part fixed as i said before, i have moved on to trying to secure my sensitive pages so that they cant be accessed without logging in

GraficRegret
Junior Poster
176 posts since Nov 2012
Reputation Points: 0
Solved Threads: 2
Skill Endorsements: 0
Question Answered as of 5 Months Ago by broj1
5 Months Ago
0

Have you tried using MD5 for encryption? I have used similar code to yours in the past, and it works just fine.

bpinkston1
Newbie Poster
1 post since Dec 2012
Reputation Points: 0
Solved Threads: 0
Skill Endorsements: 0

This question has already been solved: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Web Development > PHP
 
© 2013 DaniWeb® LLC
Page rendered in 0.1044 seconds using 2.71MB