4 Replies - 886 Views - Last Post: 31 October 2012 - 08:22 PM Rate Topic: -----

#1 Skunny  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 23
  • Joined: 12-March 12

PHP Login program problem

Posted 31 October 2012 - 04:12 PM

Hey everyone, Im having a problem with my login program correctly finding the login and password of a user in a mysql database.

I uploaded the database and can query it through putty with the code in the below login.php, but for some reason every time i try to login with that username and password, it just gives me a "Username or Password incorrect" as it displays in the code:

the database lets say "mydb" has a table called "dbusers". Column 1 = user_id, column 2 = username, column 3 = password.
there is only 1 entry = 1, myuser, mypassword

if ($sqlline[0] != $password)
            {
                // the password was entered incorrectly
                echo "The password you entered is incorrect.";
            } 



Here is my login.php which includes dbconnect.php and it should call my query.php when login is successful.

<?php
    session_start();
    include ("dbconnect.php"); // needed for the database connection
?>

<?php

    // redirect user if logged in already
    if (isset($_SESSION['username'])) 
    {
        header('Location: query.php');
        die;
    } // end of if

    if (isset($_POST['submit'])) 
    {
        // retreive the variables from the form
        $username = $_POST['username'];
        $password = $_POST['password'];

        // change the username so its uniform
        $username = strtolower($username);//This makes the username all lowercase
        $username = ucfirst($username);//This capitalizes the first letter

        // look for username in database
        $sql = "SELECT `username` FROM `dbusers` WHERE `username` = '$username'"; // this query works fine in putty.
        $query = mysql_query($sql);
        $sqlline = mysql_fetch_row($query);

        if ($sqlline[0] != $username) 
        {
            // the username doesn't exist in the database
            echo "The username or password you entered is incorrect.";
        } 
        else 
        { 
            // check the password 
            $sql = "SELECT `password` FROM `dbusers` WHERE `username` = '$username'"; //this query works fine in putty
            $query = mysql_query($sql);
            $sqlline = mysql_fetch_row($query);

            if ($sqlline[0] != $password)
            {
                // the password was entered incorrectly
                echo "The password you entered is incorrect.";
            } 
            else 
            { 
                // start the session and redirect user to query page
                $_SESSION['username'] = $username;
                header('Location: query.php');
                die;
            }
        }
    } 
    else 
    { 
        // display the form
        echo "<div><strong>Please enter a username and password.</strong>
                <form name='login' action='login.php' method='POST' >
                    Username: 
                    <input type='text' name='username' /><br/>
                    Password: 
                    <input type='password' name='password'/><br/>
                    <input type='submit' value='Submit' name='submit'/>
                </form>";       
    } // end of else for displaying the form
?>



here is dbconnect.php:

<?php

    // to connect to database
    $host = '*******'; // this is the correct server name.
    $username = '****'; // this is the username i use to connect to my database on the server
    $password = '****'; // this is my personal password encrypted to log onto that server
    $database = '****'; // this is the name of my database that is currently uploaded on the server

    $link = mysql_connect($host, $username, $password);

        //if statement if couldnt connect.
        if (!$link) 
        {
            echo "Couldn't connect to database - " . mysql_error();
        } //end if statement.
        // if statement to select the database.
        else 
        {
            $selectDB = mysql_select_db($database, $link);
            
            //error if database couldnt be connected to after selected.
            if (!$selectDB)
            {
                echo "Couldn't connect to database ($database) - " . mysql_error();
            }//end if statement.
        }//end if statement.
?>



any help would be appriciated, because i am at a loss.

Is This A Good Question/Topic? 0
  • +

Replies To: PHP Login program problem

#2 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3000
  • View blog
  • Posts: 10,393
  • Joined: 08-August 08

Re: PHP Login program problem

Posted 31 October 2012 - 05:11 PM

  • mysql functions are deprecated. Read up on PDO or mysqli prepared statements.
  • Be sure to hash passwords.

Was This Post Helpful? 1
  • +
  • -

#3 Slice  Icon User is offline

  • sudo pacman -S moneyz


Reputation: 244
  • View blog
  • Posts: 717
  • Joined: 24-November 08

Re: PHP Login program problem

Posted 31 October 2012 - 05:20 PM

Is your password stored as plain text or is it hashed? If you have hashed your password then you need to re-hash what has been entered to before matching it against what's returned from the database. (If you are not hashing then consider using sha256 with a salt).

As for the rest of the code, why are you checking username and password separately?

Consider checking to see if a row exists with the username and password (all in one query) and then display an error.

Basic example:
<?php
$query = "SELECT COUNT(*) FROM dbusers WHERE `username` = '$username' AND `password` = '$password'";
?>



Bear in mind, you should be either using prepared statements or at least escaping user inputted data, otherwise you are wide open to malicious attacks.

edit: @CT :shuriken:

This post has been edited by Slice: 31 October 2012 - 05:21 PM

Was This Post Helpful? 0
  • +
  • -

#4 Skunny  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 23
  • Joined: 12-March 12

Re: PHP Login program problem

Posted 31 October 2012 - 05:32 PM

Hashing and salting the passwords isnt needed because this is just an assignment with no security issues, so I placed static values in my database for the username and password.

for some reason the logon script is not finding the username or password in the database.

what could cause this in my previously posted code.
Was This Post Helpful? 0
  • +
  • -

#5 laytonsdad  Icon User is offline

  • Cheese and Sprinkles
  • member icon

Reputation: 440
  • View blog
  • Posts: 1,867
  • Joined: 30-April 10

Re: PHP Login program problem

Posted 31 October 2012 - 08:22 PM

Quote

Hashing and salting the passwords [isn't] needed because this is just an assignment with no security issues


Even if it is not required getting in the habit of being secure now will help you later because you will already know how to do it.

Could you show the error that is output?

This will help to make a better example of how to fix the error.

Edit:
Are you being taught to use the old mysql_ code in your class? This is being depreciated due to the fact that it is so hard to make it secure from SQL injection. Have a look here.

This post has been edited by laytonsdad: 31 October 2012 - 08:27 PM

Was This Post Helpful? 1
  • +
  • -

Page 1 of 1