e4games Posted October 11, 2009 Share Posted October 11, 2009 Ok, so know when you register it submits the information into the database, but instead of putting it in what you typed it puts in random characters. If you go to login using the random characters that it set as your password it still doesn't let you login. Here are my register and login codes. <?php require_once 'db.php'; $page_mode = $_POST['page_mode']; # empty variable defaults to '' (or null) if ($page_mode === 'register') { $username = mysql_real_escape_string(trim($_POST['username'])); $password = $_POST['password']; if ($password !== $_POST['conf_password']) $error_string .= 'Password mismatch.<br>'; if ($error_string == '') { $result = db_query("SELECT username FROM users WHERE username='$username';"); if (mysql_num_rows($result) > 0) $error_string .= 'The username is already registered.<br>'; else { $password = sha1($password); // hash password once db_query("INSERT INTO users (username, password) VALUES ('$username', '$password');"); header('Location: thankyou.php'); exit(); } } } ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html> <head> <title>Register</title> <style type="text/css"> .error_text { color: #FF0000; width: 400px; text-align: center; } .left_box { float: left; width: 150px; text-align: right; padding-right: 5px; } .right_box { clear: right; } </style> </head> <body> <div class="error_text"><?php echo $error_string; ?></div> <form action="register.php" method="post"> <input type="hidden" name="page_mode" value="register"> <div class="left_box">Username</div> <div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div> <div class="left_box">Password</div> <div class="right_box"><input type="password" name="password" size="30"></div> <div class="left_box">Confirm Password</div> <div class="right_box"><input type="password" name="conf_password" size="30"></div> <div class="left_box"> </div> <div class="right_box"><input type="submit" value="Register" size="30"></div> </form> </body></html> Login Code <?php session_start(); $error_string = ''; # error_string is modified in db.php! require_once 'db.php'; $page_mode = $_POST['page_mode']; # empty variable defaults to '' (or null) if ($page_mode === 'login') { $username = mysql_real_escape_string(trim($_POST['username'])); $password = $_POST['password']; if ($username == '' || strlen($password) == 0) # password can be of spaces, which must not be trimmed! $error_string .= 'Please enter your username and password.<br>'; else { $result = db_query("SELECT id, username, password FROM users WHERE username='$username';"); if (!($row = mysql_fetch_assoc($result))) $error_string .= 'The username was not found.<br>'; else if ($row['password'] != sha1($password)) $error_string .= 'The password did not match.<br>'; else { $_SESSION['user_id'] = $row['id']; $_SESSION['user_name'] = $row['username']; header('Location: /'); exit(); } } } ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html> <head> <title>Register</title> <style type="text/css"> .error_text { color: #FF0000; width: 400px; text-align: center; } .left_box { float: left; width: 150px; text-align: right; padding-right: 5px; } .right_box { clear: right; } </style> </head> <body> <div class="error_text"><?php echo $error_string; ?></div> <form action="login.php" method="post"> <input type="hidden" name="page_mode" value="login"> <div class="left_box">Username</div> <div class="right_box"><input type="text" name="username" size="30" maxlength="255" value="<?php if (isset($username)) echo $username; ?>"></div> <div class="left_box">Password</div> <div class="right_box"><input type="password" name="password" size="30"></div> <div class="left_box"> </div> <div class="right_box"><input type="submit" value="Log In" size="30"></div> </form> </body></html> Link to comment Share on other sites More sharing options...
jlhaslip Posted October 11, 2009 Share Posted October 11, 2009 Use the plain-text password. The one in the DB is sha1 encrypted. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.