Member Avatar for GraficRegret

so here is the line calling the function:

$login = login($username, $password);

        if($login == false)
        {
            $errors[] = 'That username/password combination is incorrect';

        }else
        {
            $_SESSION[user_id] = $login;

            header('Location: anounceEdit.php');
            exit();

and here is the functions code

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

and the function that it calls

function user_id_from_username($username)
{
    $username = sanitize($username);
    $query = mysql_query("SELECT user_id FROM users WHERE userName = '$username'");

    return mysql_result($query, 0, 'user_id');
}

i know that i am entering the corect information i even went an redid it on the server end so that i could make sure and i am still getting:
Array ( [0] => That username/password combination is incorrect )
what am i missing here? been working on this login code for a week now so i definitely need a fresh pair of eyes

Edited by GraficRegret because: missed some code
  • 3 Contributors
  • 10 Replies
  • 207 Views
  • 2 Hours Discussion Span
  • Latest Post Latest Post by bpinkston1

Recommended Answers

All 10 Replies

Member Avatar for broj1

One possibility for the cause of the error could be on the return line of the login function (which obviously returns false):

return(mysql_result($query, 0) === 1) ? $user_id : false;

mysql_result() function returns string so you should compare it to 1 (an integer) with == operator. If you want to use === operator then you should compare it to '1' (a string).

So either:

return(mysql_result($query, 0) == 1) ? $user_id : false;

or:

return(mysql_result($query, 0) === '1') ? $user_id : false;

I have not tested this so I do not claim I am 100% right.

Edited by broj1
Member Avatar for GraficRegret

nope no change either way

Member Avatar for GraficRegret

the code is working fine its the encryption that is not working properly, can anyone recoments an encryption that works right we were trying to use SHA1

Edited by GraficRegret
Member Avatar for broj1

I am not sure if this is important: sha1() function should be in lowercase. Can you try

$password = sha1($password);
Member Avatar for GraficRegret

i have had it lower case and it returned the same error

Member Avatar for broj1

Another desperate try: have you tried to echo the query in the login function:

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    // DEBUG
    die($query);

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

Does the query look OK (is user_id correct, is $password actually a hash)? Does the output query work OK in phpmyadmin if you copy it there?

Member Avatar for broj1

And what does the sanitize function do? Does it work correctly?

Member Avatar for GraficRegret

yeah i got that part fixed as i said before, i have moved on to trying to secure my sensitive pages so that they cant be accessed without logging in

Member Avatar for bpinkston1

Have you tried using MD5 for encryption? I have used similar code to yours in the past, and it works just fine.

Edited by bpinkston1 because: Mispelling
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.