csmcgoo Posted November 22, 2010 Share Posted November 22, 2010 I have a pretty basic PHP log in code connected to a database of register users. However, it's not allowing any users to enter? Could someone please review the code and let me know if you find any errors? //Create query $qry="SELECT * FROM customers WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['id']; $_SESSION['SESS_FIRST_NAME'] = $member['fname']; $_SESSION['SESS_LAST_NAME'] = $member['lname']; session_write_close(); header("location: key_catalog.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Quote Link to comment Share on other sites More sharing options...
jim_keller Posted November 22, 2010 Share Posted November 22, 2010 What behavior do you see? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 22, 2010 Share Posted November 22, 2010 It would probably be helpful to post what is actually happening versus what you expect to happen, along with any errors/messages returned by the code. Quote Link to comment Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 It goes to: login-failed.php Login Failed! Please check your username and password Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 22, 2010 Share Posted November 22, 2010 echo $qry; then compare the values in the query string manually to the values in the database by browsing the record in phpMyAdmin. Make sure the values are identical. Quote Link to comment Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 Thanks for the advise... This is the password the echo shows: 6c322db5f141b4ed486dcf8b84b3011b This is the password in the database: f828c4d40a3657df7131f4979ad28c595e7f1c4b Not sure where to go from here... Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 22, 2010 Share Posted November 22, 2010 Since the echo is 32 characters, and the stored value is 40 characters, I'd venture a guess that it's a hashing method mismatch. More specifically, I'd bet that the value is inserted into the database with an SHA1 hash, in which case you'd need to use the same hashing algorithm to compare it. Quote Link to comment Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 Thank you for the detailed explanation. Do you have any idea what I can do to fix it? Maybe "pass_hash_func"? I have no idea what any of that means Quote Link to comment Share on other sites More sharing options...
csmcgoo Posted November 22, 2010 Author Share Posted November 22, 2010 Looks like i figured it out! Amazing what you can learn here. Thanks! changed: .md5 to .sha1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.