1,105,169 Community Members

username password not working right

Member Avatar
GraficRegret
Junior Poster
182 posts since Nov 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 2 [?]
Skill Endorsements: 0 [?]
 
0
 

so here is the line calling the function:

$login = login($username, $password);

        if($login == false)
        {
            $errors[] = 'That username/password combination is incorrect';

        }else
        {
            $_SESSION[user_id] = $login;

            header('Location: anounceEdit.php');
            exit();

and here is the functions code

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

and the function that it calls

function user_id_from_username($username)
{
    $username = sanitize($username);
    $query = mysql_query("SELECT user_id FROM users WHERE userName = '$username'");

    return mysql_result($query, 0, 'user_id');
}

i know that i am entering the corect information i even went an redid it on the server end so that i could make sure and i am still getting:
Array ( [0] => That username/password combination is incorrect )
what am i missing here? been working on this login code for a week now so i definitely need a fresh pair of eyes

Member Avatar
broj1
Posting Virtuoso
1,576 posts since Jan 2011
Reputation Points: 220 [?]
Q&As Helped to Solve: 218 [?]
Skill Endorsements: 21 [?]
Featured
 
0
 

One possibility for the cause of the error could be on the return line of the login function (which obviously returns false):

return(mysql_result($query, 0) === 1) ? $user_id : false;

mysql_result() function returns string so you should compare it to 1 (an integer) with == operator. If you want to use === operator then you should compare it to '1' (a string).

So either:

return(mysql_result($query, 0) == 1) ? $user_id : false;

or:

return(mysql_result($query, 0) === '1') ? $user_id : false;

I have not tested this so I do not claim I am 100% right.

Member Avatar
GraficRegret
Junior Poster
182 posts since Nov 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 2 [?]
Skill Endorsements: 0 [?]
 
0
 

nope no change either way

Member Avatar
GraficRegret
Junior Poster
182 posts since Nov 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 2 [?]
Skill Endorsements: 0 [?]
 
0
 

the code is working fine its the encryption that is not working properly, can anyone recoments an encryption that works right we were trying to use SHA1

Member Avatar
broj1
Posting Virtuoso
1,576 posts since Jan 2011
Reputation Points: 220 [?]
Q&As Helped to Solve: 218 [?]
Skill Endorsements: 21 [?]
Featured
 
0
 
Member Avatar
broj1
Posting Virtuoso
1,576 posts since Jan 2011
Reputation Points: 220 [?]
Q&As Helped to Solve: 218 [?]
Skill Endorsements: 21 [?]
Featured
 
0
 

I am not sure if this is important: sha1() function should be in lowercase. Can you try

$password = sha1($password);
Member Avatar
GraficRegret
Junior Poster
182 posts since Nov 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 2 [?]
Skill Endorsements: 0 [?]
 
0
 

i have had it lower case and it returned the same error

Member Avatar
broj1
Posting Virtuoso
1,576 posts since Jan 2011
Reputation Points: 220 [?]
Q&As Helped to Solve: 218 [?]
Skill Endorsements: 21 [?]
Featured
 
0
 

Another desperate try: have you tried to echo the query in the login function:

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $query = mysql_query("SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'");

    // DEBUG
    die($query);

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

Does the query look OK (is user_id correct, is $password actually a hash)? Does the output query work OK in phpmyadmin if you copy it there?

Member Avatar
broj1
Posting Virtuoso
1,576 posts since Jan 2011
Reputation Points: 220 [?]
Q&As Helped to Solve: 218 [?]
Skill Endorsements: 21 [?]
Featured
 
0
 

And what does the sanitize function do? Does it work correctly?

Member Avatar
GraficRegret
Junior Poster
182 posts since Nov 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 2 [?]
Skill Endorsements: 0 [?]
 
0
 

yeah i got that part fixed as i said before, i have moved on to trying to secure my sensitive pages so that they cant be accessed without logging in

Question Answered as of 1 Year Ago by broj1
Member Avatar
bpinkston1
Newbie Poster
1 post since Dec 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Have you tried using MD5 for encryption? I have used similar code to yours in the past, and it works just fine.

You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article