Programming Help

Web Development



What's Here?

  • Members: 117,337
  • Replies: 431,178
  • Topics: 66,554
  • Snippets: 2,391
  • Tutorials: 630
  • Total Online: 2,128
  • Members: 68
  • Guests: 2,060

Who's Online?

Welcome to Dream.In.Code
Getting PHP Help is Easy!

Join 117,337 PHP Programmers for FREE! Ask your question and get quick answers from experts. There are 2,128 online right now! We've got more than 500 tutorials and 2,000 snippets. Join and find out why Dream.In.Code is the #1 programming help community on the internet! Registration is fast and FREE... Join Now!



Login issues

 
 Reply to this topicStart new topic

Login issues, having trouble getting the password to confirm
Chupa85
post 6 May, 2008 - 04:03 PM
Post #1


New D.I.C Head

*
Joined: 17 Sep, 2007
Posts: 17


My Contributions
I am trying to design a login page for a section of my site. However everytime I hit "Login" it tells me that I have an incorrect password. I have copied the password directly so I know I'm not typing it in wrong and there is only one record in the table so I know that I am not referencing the wrong row. Any help woudl be greatly appreciated.

CODE

//Checks if there is a login cookie
if(isset($_COOKIE['SecureID']))

//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['SecureID'];
$pass = $_COOKIE['Password'];
$check = mysql_query("SELECT * FROM Admin WHERE AdminID = '$username'")or die(mysql_error());
while($info = mysql_fetch_array($check))
{
if ($pass != $info['Password'])
{
}
else
{
header("Location: WEBSITE");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['SecureID'] | !$_POST['Password']) {
die('You did not fill in a required field.');
}
// checks it against the database

$check = mysql_query("SELECT * FROM Admin WHERE AdminID = '".$_POST['SecureID']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('Incorrect ID.');
}
while($info = mysql_fetch_array($check))
{
$_POST['Password'] = stripslashes($_POST['Password']);
$info['Password'] = stripslashes($info['Password']);

//gives error if the password is wrong
if ($_POST['Password'] != $info['Password']) {
die('Incorrect password, please try again.');
}
else
{

// if login is ok then we add a cookie
$_POST['SecureID'] = stripslashes($_POST['SecureID']);
setcookie(SecureID, $_POST['SecureID']);
setcookie(Password, $_POST['Password']);

//then redirect them to the members area
header("Location: WEBSITE");
}
}
}
else
{

// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="SecureID" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="Password" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}

?>
User is offlineProfile CardPM

Go to the top of the page


Martyr2
post 6 May, 2008 - 04:21 PM
Post #2


Programming Theoretician

Group Icon
Joined: 18 Apr, 2007
Posts: 4,604



Thanked 115 times

Expert In: C/C++, Java, VB, VB.NET, C#, PHP, Web Development, HTML & CSS, Javascript

My Contributions
Well one thing you have wrong is an incorrect if statement...

CODE

// Should be using a function like isset() and double pipes for OR... ||
if(!$_POST['SecureID'] | !$_POST['Password']) {
die('You did not fill in a required field.');
}


Second your code is very messy and smashed together. You appear to be doing two types of checks, one for if they have the cookies and one if they don't. You can simply store the cookie value into the necessary variables, check if they have provided any values in the form and clobber the variables you have stored before verifying the username and password.

The idea is that you will want to merge the two types of login checks into one central verification process where you boil it down to one username and password. Where those variables came from (by cookie or by form) is not really the main focus.

I recommend you echo out the values of your $_POST['Password'] and your $info['Password'] values and see how they are different. I am sure one is probably coming up null or has extra values in it.

Check them out. smile.gif
User is offlineProfile CardPM

Go to the top of the page

joeyadms
post 6 May, 2008 - 04:35 PM
Post #3


D.I.C Head

Group Icon
Joined: 4 May, 2008
Posts: 145



Thanked 6 times

Dream Kudos: 600
My Contributions
Like Martyr2 said, you should be indenting better, and querying this way will have you running circles debugging things.

And NEVER store username/password data in cookies, always use session data for this, this is a huge security risk.

However this is why your code is not working
CODE

while($info = mysql_fetch_array($check))


Without any other params fetch_array will only return a numeric array, what you want to do is this
CODE

while($info = mysql_fetch_array($check, MYSQL_ASSOC))

Or better

while($info = mysql_fetch_assoc($check))



Also change the operator in the if statement from | to ||

Hope that helps
User is offlineProfile CardPM

Go to the top of the page

Fast ReplyReply to this topicStart new topic
Time is now: 10/7/08 01:31AM
Invision Power Board v2.1.7 © 2008  IPS, Inc.
Licensed to: MediaGroup1

Live PHP Help!

PHP Tutorials

Reference Sheets

PHP Snippets

Bye Bye Ads

Free DIC T-Shirt

T-Shirt Example

Related Sites

Monthly Drawing

Thumb Drive

Partners

Top Contributors

Top 10 Kudos This Month