
Problem when trying to setup username and password authentication files

Hi guys, I'm trying to set up a system where a user enters a username and password and then tries to log in to the system and they are either authorized or rejected.

Password.html

[code=html]<form method="post" action="insert.php">

Full Name: (Example: Michael R Maguire) <br />

<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)

<br />
<br />

User Name: <br />

<input type="text" name="sha_pw" size="20" maxlength="20"/> (20 Characters Max)

<br />
<br />

<input type="submit" value="Create User" />

</form>
[/code]

insert.php

[code=php]<?php
$user_name = $_POST['user_name'];
$SHA_PW = $_POST['sha_pw'];

$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);

if(empty($user_name) || empty($sha_pw)) {
echo "<h2>Please fill in all fields</h2>\n";
echo "Please use the back button in your browsers and fill in all required fields.\n";
die ();
}

$sql="insert into teamtutorials_test (`User_ID` , `user_name` , `sha_pw`) values ('NULL','$user_name','sha1($sha_pw)')";
mysql_query($sql) or die (mysql_error()." $sql");

?>[/code]

login.html

[code=html]<form method="post" action="session.php">

Full Name: (Example: Michael R Maguire) <br />

<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)

<br />
<br />

User Name: <br />

<input type="text" name="password" size="20" maxlength="20"/>

<br />
<br />

<input type="submit" value="Create User" />

</form>
[/code]

session.php

[code=php]<?php

session_start();

if (isset($_POST['user_name']) && isset($_POST['password']))
{
$user_name = $_POST['user_name'];
$password = $_POST['password'];

$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);

$sql = mysql_query("select count(*) from teamtutorials_test
where user_name = '$user_name' and sha_pw = sha1('$password')") or die(mysql_error());

$results = mysql_result($sql, "0");

if ($results == 0){
header( 'Location:http://www.yahoo.com');
}
else
{
$_SESSION['valid_user'] = $user_name;
header( 'Location:http://www.google.ie');
}
}
?>
[/code]

When I enter in any name and pass (whether it is authorized or unauthorized) I am brought to yahoo (telling me I'm unauthorized).

Anybody got any ideas? Thanks in advance


8 Comments(s)

@NogDog Apr 23.2009 — Try echoing out the query string and verify that the variables in it have the expected values. If it looks OK, copy and paste it into the MySQL command line or phpMyAdmin SQL window and verify that it returns what you think it should.
@xvszero Apr 23.2009 — I don't know if this matters but you define your $SHA_PW variable in all caps in insert.php, and then use it in lowercase later...
@ciara1987 (author) Apr 23.2009 — [QUOTE]Try echoing out the query string and verify that the variables in it have the expected values. If it looks OK, copy and paste it into the MySQL command line or phpMyAdmin SQL window and verify that it returns what you think it should.[/QUOTE]

Yes, I've echoed the query string and when I enter in the Username: Ciaran and pass: password it returns

user_Name: CiaranPassword: password user_Name: ciaranSha Password: 4c0dffd9ee85b2520acaa4a2b2722450d583b30e

But when I look at what is entered in my DB through phpMyAdmin it is as I entered. There's something obviously going wrong somewhere.
@ciara1987 (author) Apr 23.2009 — [QUOTE]I don't know if this matters but you define your $SHA_PW variable in all caps in insert.php, and then use it in lowercase later...[/QUOTE]

Yes, I've changed that also. Thanks
@criterion9 Apr 23.2009 — Remove the sha1() from your query if the password field is not encoded using sha1.
@ciara1987 (author) Apr 24.2009 — Yes, I've got rid of that but I am still having the same problems.

I have made a few changes.

Here are the files again. I'm really under pressure to get this done and my limited knowledge of PHP is exhausted, so any help is very much appreciated.



[code=html]<form method="post" action="insert.php">

Full Name: (Example: Michael R Maguire) <br />

<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)

<br />
<br />

User Name: <br />

<input type="text" name="sha_pw" size="20" maxlength="20"/> (20 Characters Max)

<br />
<br />

<input type="submit" value="Create User" />

</form>
[/code]


[code=php]<?php
$user_name = $_POST['user_name'];
$sha_pw = $_POST['sha_pw'];


$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);


if(empty($user_name) || empty($sha_pw)) {
echo "<h2>Please fill in all fields</h2>\n";
echo "Please use the back button in your browsers and fill in all required fields.\n";
die ();
}



$sql="insert into teamtutorials_test (User_ID , user_name , sha_pw) values ('NULL','$user_name','($sha_pw)')";
mysql_query($sql) or die (mysql_error()." $sql");

echo "user_Name: $user_name";

echo "Password: .($sha_pw)";

?>

[/code]


[code=html]<form method="post" action="session.php">

Full Name: (Example: Michael R Maguire) <br />

<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)

<br />
<br />

User Name: <br />

<input type="text" name="password" size="20" maxlength="20"/>

<br />
<br />

<input type="submit" value="Create User" />

</form>
[/code]


[code=php]<?php

session_start();

if (isset($_POST['user_name']) && isset($_POST['password']))
{
$user_name = $_POST['user_name'];
$password = $_POST['password'];

$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);

$sql = mysql_query("select * from teamtutorials_test
where user_name = '$user_name' and sha_pw = ('$password')") or die(mysql_error());

$results = mysql_result($sql, 0);

if ($results == 0){
header( 'Location:http://www.yahoo.com');
}
else
{
$_SESSION['valid_user'] = $user_name;
header( 'Location:http://www.google.ie');
}
}
?>
[/code]


I am able to enter in the details to an SQL DB but when I try to log in using those details it brings me to yahoo (meaning I'm unauthorized??)
@svidgen Apr 24.2009 — In your initial post, you just have the quotes in the wrong spot--silly mistake.

It inserts [I]sha1('somepassword')[/I] instead of the [I]result of sha1('somepassword')[/I]. For example, if my password were default, instead of inserting [I]7505d64a54e061b7acd54ccd58b49dc43500b635[/I], as it should, it inserts [I]sha1('default')[/I].

Change the insert query in insert.php to this:
[code=php]$sql="insert into teamtutorials_test (User_ID , user_name , sha_pw) values ('NULL','$user_name',sha1('$sha_pw'))"; [/code]

So, you may have to re-encode some passwords--or clear the table.
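
The register/login round trip this fix is working towards, as an added example that is not part of the thread: the hash is computed in PHP at registration and verified in PHP at login, so it can never end up as literal text inside the query, and the form values reach SQL only as bound parameters. It swaps the thread's `sha1()` for `password_hash()`/`password_verify()` and assumes PHP 5.5+ with PDO and pdo_sqlite; the in-memory SQLite table stands in for the MySQL `teamtutorials_test`, and `create_user`/`check_login` are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// table (PDO + pdo_sqlite) stands in for the thread's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE teamtutorials_test (
    User_ID   INTEGER PRIMARY KEY AUTOINCREMENT,
    user_name TEXT NOT NULL UNIQUE,
    sha_pw    TEXT NOT NULL)');

// Registration (hypothetical helper): hash in PHP, never inside the SQL text.
function create_user(PDO $db, $user_name, $password)
{
    // password_hash() replaces the thread's sha1(): salted and deliberately slow.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO teamtutorials_test (user_name, sha_pw) VALUES (?, ?)');
    // Bound parameters: the values are data and cannot alter the statement.
    $stmt->execute(array($user_name, $hash));
}

// Login (hypothetical helper): look the row up by name, verify the hash in PHP.
function check_login(PDO $db, $user_name, $password)
{
    $stmt = $db->prepare(
        'SELECT sha_pw FROM teamtutorials_test WHERE user_name = ?');
    $stmt->execute(array($user_name));
    $hash = $stmt->fetchColumn();   // false when the user does not exist
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample account, then three login attempts.
create_user($db, 'Ciaran', 'password');
$attempts = array(
    array('Ciaran', 'password'),    // right name, right password
    array('Ciaran', 'Password'),    // right name, wrong password
    array('nobody', 'password'),    // unknown user
);
foreach ($attempts as $a) {
    $ok = check_login($db, $a[0], $a[1]);
    echo $a[0], ' / ', $a[1], ' => ', $ok ? 'authorized' : 'rejected', "\n";
}
```

The `mysql_*` functions used in the thread were removed in PHP 7.0; against MySQL only the PDO DSN changes, and `sha_pw` must be wide enough for the hash (the PHP manual recommends 255 characters).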
@ciara1987 (author) Apr 24.2009 — [QUOTE]In your initial post, you just have the quotes in the wrong spot--silly mistake.

It inserts [I]sha1('somepassword')[/I] instead of the [I]result of sha1('somepassword')[/I]. For example, if my password were default, instead of inserting [I]7505d64a54e061b7acd54ccd58b49dc43500b635[/I], as it should, it inserts [I]sha1('default')[/I].

Change the insert query in insert.php to this:
[code=php]$sql="insert into teamtutorials_test (User_ID , user_name , sha_pw) values ('NULL','$user_name',sha1('$sha_pw'))"; [/code]

So, you may have to re-encode some passwords--or clear the table.[/QUOTE]


Thanks. I've edited the login.html and session.php (as the other 2 files are working and writing to the DB) and replaced sha1/sha_pw etc. with "password" as it was getting too confusing with various names; hopefully this may make it easier to spot any mistake I'm making

[code=html]<form method="post" action="insert.php">

Full Name: (Example: Michael R Maguire) <br />

<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)

<br />
<br />

User Name: <br />

<input type="text" name="password" size="20" maxlength="20"/> (20 Characters Max)

<br />
<br />

<input type="submit" value="Create User" />

</form>
[/code]


[code=php]<?php
$user_name = $_POST['user_name'];
$password = $_POST['password'];


$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);


if(empty($user_name) || empty($password)) {
echo "<h2>Please fill in all fields</h2>\n";
echo "Please use the back button in your browsers and fill in all required fields.\n";
die ();
}



$sql="insert into teamtutorials_test (User_ID , user_name , password) values ('NULL','$user_name','$password')";
mysql_query($sql) or die (mysql_error()." $sql");

echo "user_name: $user_name";

echo "Password: ".($password);

?>


[/code]


[code=html]<form method="post" action="session.php">

Full Name: (Example: Michael R Maguire) <br />

<input type="text" name="user_name" size="50" maxlength="50"/> (50 Characters Max)

<br />
<br />

User Name: <br />

<input type="text" name="password" size="20" maxlength="20"/>

<br />
<br />

<input type="submit" value="Create User" />

</form>
[/code]


[code=php]<?php

session_start();

if (isset($_POST['user_name']) && isset($_POST['password']))
{
$user_name = $_POST['user_name'];
$password = $_POST['password'];

$dbname = "heskdb";
$conn = mysql_connect ("localhost","root","password") or
die ('cannot connect to database error: '.mysql_error());
mysql_select_db ($dbname);

$sql = mysql_query("select * from teamtutorials_test
where user_name = '$user_name' and password = '$password'") or die(mysql_error());

$results = mysql_result($sql, 0);

if ($results == 0){
header( 'Location:http://www.yahoo.com');
}
else
{
$_SESSION['valid_user'] = $user_name;
header( 'Location:http://www.google.ie');
}
}
?>
[/code]


Any help is most welcome