Hello Guys,

I'm having the biggest headache over this issue. I have a system that I designed which uses a standard php login script to a MySQL database. The system has account registration etc. For the past 5 months I've tested multiple accounts and logged in with one primary account with absolutely no problem. However, about 4 days ago, something really strange started to happen. When I log in with USER A account, for example, and then I logout and then I log back in with USER B's account, at some point when I attempt to log back in with USER A's account the system is not able to verify the password. Note: I didn't nothing to change the password. So finally, after banging my head on the wall, I found that the password SHA1 value in the MySQL database was being changed to eef19c54306daa69eda49c0272623bdb5e2b341f. NOTE: This value is NULL. Sure enough, if I login using the password value NULL the system let's me in. Also, when I change the value back to the originally password, the system allows me to login with no problem - that is, until the next time it changes the value to NULL. This happens to each account if I log in and out on multiple occasions. It is strange because I am unable to determine what triggers it BUT, as I said, things were fine for the past 5 months. I have NEVER seen anything like this before and it makes NO sense to me. Please understand that this has never happened before and I am ONLY executing basic password verification queries.

$q = "SELECT user_id, dango_id  FROM user WHERE (email='$e' AND password=SHA1('$p')) AND active IS NULL";		
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

	$myrow = @mysqli_num_rows($r);

		if($myrow == 1) {

			// Register the values
			$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);


 `user` (
  `user_id` bigint(12) NOT NULL AUTO_INCREMENT,
  `dango_id` varchar(20) NOT NULL,
  `name` varchar(20) NOT NULL,
  `email` varchar(75) NOT NULL,
  `password` char(40) NOT NULL,
  `cate_id` int(10) NOT NULL,
  `acct_type` int(1) NOT NULL,
  `active` char(32) DEFAULT NULL,
  `registration_date` datetime NOT NULL,
  PRIMARY KEY (`user_id`)

Not sure WHY in the world MYSQL keeps changing the SHA1 value to NULL. This is driving me crazy. I apologize for the long explanation and would appreciate any helpful input. Thanks in advance guys.


Strange indeed. Run a complete log (change the logging configuration in my.ini and restart the server) to see where and why the update occurs. Do you have any active triggers which do anything the the user table?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.