CSS Codes
CSS Layouts
Results 1 to 2 of 2

Thread: Login form errors

  1. 11-25-2008, 06:36 AM #1
    punstc
    punstc is offline Regular Coders
    Join Date
    Aug 2007
    Location
    Harrisburg, PA
    Posts
    131
    Thanks
    6
    Thanked 9 Times in 9 Posts

    Default Login form errors

    I'm having problems with a login form, i believe it has something to do with the md5 encryption i'm trying to use because when i take it out and add into my database a password without md5 it works fine.. I'm pretty new at php and its my first time using md5 so if anyone can help I would appreciate it.

    here is my code.

    Code:
    <?php 
	require("../../../connect.php");
	if(!empty($_SESSION['logged_in']) && !empty($_SESSION['user'])) {  
		header('Location: index.php'); 
	}  
	elseif(!empty($_POST['user']) && !empty($_POST['pass'])) { 
		echo("post not empty");
		$user = mysql_real_escape_string($_POST['user']);  
		$pass = md5(mysql_real_escape_string($_POST['pass']));  
		
		$sql = "SELECT * FROM admin WHERE user = '$user' AND pass = '$pass' ";
		
		$checklogin = mysql_query($sql);  
		  
		if(mysql_num_rows($checklogin) == 1) {  
			echo("checking login");
			$row = mysql_fetch_assoc($checklogin);
			
			session_start();  
			$_SESSION['user'] = $user;   
			$_SESSION['logged_in'] = true;  
			  
			header('Location: index.php');
		}  
		else {  
			$status = 'Username and Password incorrect.';  
		}  
	}  
 ?> 
      
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Admin: Edit/Remove Car</title>

<link href="../css/admin.css" rel="stylesheet" type="text/css" />
</head>
<body>
    <div id="_global">
    	<?=$status ?>
        <form method="post" action="login.php" name="loginform" id="loginform">  
        	<label for="user">Username:</label><input type="text" name="user" id="user" /><br />  
            <label for="pass">Password:</label><input type="password" name="pass" id="pass" /><br />  
            <input type="submit" name="login" id="login" value="Login" />    
    	</form>
    </div><!-- end _global -->
</body>
</html>
    Reply With Quote Reply With Quote
  2. 11-25-2008, 10:20 PM #2
    BabblingIdjit
    BabblingIdjit is offline Junior Coders
    Join Date
    Oct 2008
    Posts
    42
    Thanks
    0
    Thanked 9 Times in 9 Posts

    Default

    It's usually a good idea to explain what "problems" you are having, rather than make the people trying to help you guess.

    I'm assuming your problem is that you are unable to login even with a valid username and password. Change this line:

    Code:
    $pass = md5(mysql_real_escape_string($_POST['pass']));
    to:
    Code:
    $pass = md5($_POST['pass']);
    There is no need to use mysql_real_escape_string and then MD5 the result. Once the MD5 is performed, there is no longer any threat in the submitted data.

    How is the password field defined in your database? MD5 will produce a string 32 characters long. If your database does not allow for a long enough column, the data will be truncated and the password comparison will fail.

    If that doesn't help, you'll need to describe your problem better.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules