1.11M Members

username password not working right

 
0
 

so here is the line calling the function:

$login = login($username, $password);

        if($login == false)
        {
            $errors[] = 'That username/password combination is incorrect';

        }else
        {
            $_SESSION[user_id] = $login;

            header('Location: anounceEdit.php');
            exit();

and here is the functions code

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

and the function that it calls

function user_id_from_username($username)
{
    $username = sanitize($username);
    $query = mysql_query("SELECT user_id FROM users WHERE userName = '$username'");

    return mysql_result($query, 0, 'user_id');
}

i know that i am entering the corect information i even went an redid it on the server end so that i could make sure and i am still getting:
Array ( [0] => That username/password combination is incorrect )
what am i missing here? been working on this login code for a week now so i definitely need a fresh pair of eyes

 
0
 

One possibility for the cause of the error could be on the return line of the login function (which obviously returns false):

return(mysql_result($query, 0) === 1) ? $user_id : false;

mysql_result() function returns string so you should compare it to 1 (an integer) with == operator. If you want to use === operator then you should compare it to '1' (a string).

So either:

return(mysql_result($query, 0) == 1) ? $user_id : false;

or:

return(mysql_result($query, 0) === '1') ? $user_id : false;

I have not tested this so I do not claim I am 100% right.

 
0
 

nope no change either way

 
0
 

the code is working fine its the encryption that is not working properly, can anyone recoments an encryption that works right we were trying to use SHA1

 
0
 

I am not sure if this is important: sha1() function should be in lowercase. Can you try

$password = sha1($password);
 
0
 

i have had it lower case and it returned the same error

 
0
 

Another desperate try: have you tried to echo the query in the login function:

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    // DEBUG
    die($query);

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

Does the query look OK (is user_id correct, is $password actually a hash)? Does the output query work OK in phpmyadmin if you copy it there?

 
0
 

And what does the sanitize function do? Does it work correctly?

 
0
 

yeah i got that part fixed as i said before, i have moved on to trying to secure my sensitive pages so that they cant be accessed without logging in

Question Answered as of 1 Year Ago by broj1
 
0
 

Have you tried using MD5 for encryption? I have used similar code to yours in the past, and it works just fine.

You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article