[PHP & MySQL Authentication issues] - Computers



Search Tech-Forums - link takes you to our Forum's search page.

Note: The following is only a text archive!

To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Pages:1


PHP & MySQL Authentication issues

(Click here to view the original thread with full colors/images)


Posted by: bhughesiii

Hey all,
I am writing a program that requires registration and authentication. I cannot for the life of me get it all to work. I had the registration working where the user fills in the information and then a function is called that encrypts the password and then stores it all in the database. For some reason this has stopped working. The main issue I was having is when they login with username and password. I encrypt the password, then check it against the database, but it does not want to work. I did some testing to make sure the encrpytion function was encrypting the same password the same way all the time. But it does not work when checking it.. I will post my code, maybe someone can give me a heads up..

include.php
[code]
<?php
session_start();
// This script holds all the functions and other trinkets used in the refill program!!!!


@$db = mysql_connect("dee", "dee", "dee") or die('Cannot Connect To DB!!');
@mysql_select_db('users') or die('Cannot Connect To DB!!');


function validatePasswd($passwd, $passwd1){
if ($passwd == $passwd1){
return true;
}
return false;
}

function validateEmail($email){
$query = "select * from users where email = '$email'";
$result = mysql_query($query);
if($row = mysql_fetch_array($result)){
return true;
}
return false;
}

function cryptpass($passwd){
return crypt($passwd,'satn');
}

function registerUser($fname, $lname, $street, $city, $state, $zip, $email, $passwd, $passwd1){
if(validateEmail($email)){
$message="This Email Address Already Registered.<br>";
}
if(validatePasswd($passwd, $passwd1) == true){
$passwd = cryptpass($passwd);
$query = "insert into users(email,fname,lname,street,city,state,zip,pass
word) values('$email','$fname','$lname','$street','$city
','$state','$zip','$passwd')";
$result = mysql_query($query);
header('Location: index.php');
}else{
$message="Passwords do not match";
}
}

function logonUser($email, $passwd){
session_register("logged");//Create session logged.
$passwd = cryptpass($passwd);//Encrypt password
$query = "select * from users where email = '$email' and password = '$passwd";
$result = mysql_query($query);
if($row = mysql_fetch_array($result)){
$query = "insert into test(email, passwd) values('$email', '$passwd')";
$result = mysql_query($query);
$_SESSION['logged'] == true;
header ('Location: refill.php');
}else{
$message = "Logon Failed";
}
}
?>[/code]

index.php
[code]
<?php
session_start();

require 'include.php';

if($_POST['Logon']){
$_SESSION['email'] = $_POST["email"];
$_SESSION['passwd'] = $_POST["passwd"];

logonUser($email, $passwd);
}
?>

<html>
<head>
<title>Fagen Pharmacy: User Logon</title>
</head>
<p align = center><img src = "images/fagen_to_jpeg.gif">
<p align = center><font color = red size = 6>User Logon:</font>
<body>
<?php echo $message; ?>
<form action = index.php method = post>
<table align = center border = 1>
<tr>
<td width = 100>Email Address:</td>
<td><input name = "email" type = text size = 50></td>
</tr>
<tr>
<td width = 100>Password:</td>
<td><input name = "passwd" type = password size = 50></td>
</tr>
</table>
<p align = center><input name = "Logon" type = submit value = "Logon">
</form>
<p align = center><font size = 2>
Enter your email address and password to log into the system. Or, <a href = "register.php">click here</a> to register.<br> Thank you.
</body>
</html>[/code]

register.php
[code]
<?php
session_start();

require 'include.php';
if($_POST['Register']){
registerUser($fname, $lname, $street, $city, $state, $zip, $email, $passwd, $passwd1);
}
?>

<html>
<head>
<title>Fagen Pharmacy: User Registration</title>
</head>
<p align = center><img src = "images/fagen_to_jpeg.gif">
<p align = "center"><font color = "red" size = "6">User Registration</font>
<p>
<body>
<php echo $message; ?>
<form action = "register.php" method = "post">
<table align = center border = 1>
<tr>
<td width = 150>First Name:</td>
<td><input name = "fname" type = "text" size = 50></td>
</tr>
<tr>
<td width = 150>Last Name:</td>
<td><input name = "lname" type = "text" size = 50></td>
</tr>
<tr>
<td width = 150>Address:</td>
<td><input name = "street" type = "text" size = 50></td>
</tr>
<tr>
<td width = 150>City:</td>
<td><input name = "city" type = "text" size = 50></td>
</tr>
<tr>
<td width = 150>State:<font size = "1">(Abbreviation)</font></td>
<td><input name = "state" type = "text" size = 50></td>
</tr>
<tr>
<td width = 150>Zip:<font size = "1">(5 or 9 digit)</font></td>
<td><input name = "zip" type = "text" size = 50></td>
</tr>
<tr>
<td width = 150>Email Address:</td>
<td><input name = "email" type = "text" size = 50></td>
</tr>
<tr>
<td width = 150>Password:</td>
<td><input name = "passwd" type = "password" size = 50></td>
</tr>
<tr>
<td width = 150>Confirm Password:</td>
<td><input name = "passwd1" type = "password" size = 50></td>
</tr>
<tr>
<td></td>
<td><input name = "Register" type = "submit" value = "Register"> <input type = "reset" value = "Reset Fields"></td>
</tr>
</table>
</form>
<p align = center><font size = "2">Please Note: Your email address will be your username<br />
Please type your password twice before clicking the <font color = red>"register"</font> button. Thank you</font>
</body>
</html>[/code]


Posted by: Vormund

Hmm, this line perhaps, from the logonUser() function?

$query = "select * from users where email = '$email' and password = '$passwd";

...which is missing the single quote following $passwd.


Posted by: bhughesiii

Oops, I had that in there before, must have forgot to put it back in when I was messing around with different encryption options. Other than that, can you see any reason why it wouldn't work?


Posted by: Vormund

Hmm, just to clarify, what isn't working?

Is it...a user logs in, then when the user's password is encrypted and compared with the database - it does not match?


Posted by: bhughesiii

Correct, they input their username which is their email address, and their password. They click login and that calls the logonUser() function. The function encrypts the password then is supposed to check against the database. However it is not. It dies right there.


Posted by: Vormund

The mysql query dies? In that case, you could use the or die() on the query:

$result = mysql_query($query) or die(mysql_error());

Which would provide the reason...likely syntax somewhere. If that's not it, what is dieing? (Sorry if I'm missing the idea!)


Posted by: bhughesiii

If I don't have it check the password, it goes through just fine. It is when the password is part of the select statement is when it doesn't work.


Posted by: Vormund

[PHP]function logonUser($email, $passwd){
session_register("logged");//Create session logged.
$passwd = cryptpass($passwd);//Encrypt password
echo $passwd.":";
$query = "select * from users where email = '$email'";

$check = mysql_fetch_array($query);
echo $check['passwd'];

$result = mysql_query($query);
if($row = mysql_fetch_array($result)) {
$query = "insert into test(email, passwd) values('$email', '$passwd')";
$result = mysql_query($query);
$_SESSION['logged'] == true;
header ('Location: refill.php');
} else {
$message = "Logon Failed";
}
}[/PHP]

Using that function, (password in the query was removed), does it output the same password? ...everything looks ok...:mad:


Posted by: bhughesiii

No, the stored password is a few characters short, probably because I only have the SQL field set to a length of 10, and I probably need at least 13... I will try bumping that up and see what happens...


Posted by: bhughesiii

Dude this totally rocks!! That is what it was, I made my field accept 15 characters and it is totally working now.

Thanks a mill!! I am still a beginner when it comes to programming so I don't remember all the different ways to check things...


Posted by: Vormund

For sure! It's comparing two strings, and they have to be identical...if your database is truncating anything, they will not be equal. So you always want to set the field length to the maximum you'd ever accept plus one.

/edit/
You post too fast! :p ...glad it's working!


Posted by: bhughesiii

Again thanks, all it takes for me to figure out something is to be pointed in the right direction. After doing that test and seeing that they were short it just hit me!




vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited.


PPC Management
vB Easy Archive Final - Created by Xenon