LOGIN problem -Solved

[dlsmoker]

Hi all, I'm new here and I hope some of you could help me. I just watched all the video tutorials, but the login script do not work.
I tried some others alternatives. First, a simple code with the mysql_num_rows command, but I get an error: parameters axpected to be one, boolean given. With this command I check if username and password are on the same row.
The second, I tried to re-make of halls, but I always get Password incorrect.
This is the registration:

<?php

require_once('connect.php'); // I have session_start here

$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['confirm'] = $_POST['confirm'];
$_SESSION['email'] = $_POST['email'];


if(($_SESSION['username'] == "") || ($_SESSION['password'] == "") || ($_SESSION['confirm'] == "") || ($_SESSION['email'] == "") )
{
echo 'Missing fields or incorrect. <br>
Click <a href="signup.html">here</a> here to go back.';
}
else if(($_SESSION['password'] == $_SESSION['confirm']))
{

echo 'Thank you. <br>
You have been successfully signed up. Click <a href="index.html">here</a> to go to home page';

$reqSQL = "INSERT INTO `game`.`users` (`username`, `password`, `email`)
VALUES ('".$_SESSION['username']."', '".$_SESSION['password']."', '".$_SESSION['email']."')";

mysql_query($reqSQL);


$_SESSION['username'] = '';
$_SESSION['password'] = '';
$_SESSION['confirm'] = '';
$_SESSION['email'] = '';
}
else {
echo 'Password and Confirm Password did not match. <br>
Click <a href="signup.html">here</a> here to go back.';
}
?>


This is the login:

<?php

<?php include_once 'connect.php'; ?>

<?php


if ($_POST){

$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password = md5($password);

$query = "SELECT username,password FROM users WHERE username='$username'";
$result = mysql_query($query) or die("Could not query usernames");
$result2 = mysql_fetch_array($result);
if ($result){
if ($result2['password'] == $password){
$_POST['username'] = $username;
echo "<big>Logged in successfully<br>";
echo "<A href='game.php'>Continue</a></big>";
} else {

echo "Wrong password. <br><br>";

}
} else {

echo "That username is not registered. <br><br>";

}
} else {


}
?>

The registration script works and it add fields in the db, but I can't access with the login script.
If I type a username that is in the DB, it says WRONG PASSWORD.
if I type a username thaat do Not exist in the DB, it says Username not registered. That means that it can connect to db and search for the username, but is the password I have the problem. Please help

[MikeD]

Looks like you're forgetting to put the password into MD5 on your registration.

Also, I don't see a query where you check the username and password.

Here is halls tutorial register, reguser, login, authenticate.

Code: Select all

<?php
include 'connect.php';

?>

<form method ="post" action="reguser.php">
Type Username Here: <input type="text" name="player" size="21"><br>
Type Password Here: <input type="text" name="password" size "15"><br>
ReType Password Again: <input type="text" name="pass2" size "15"><br>
Type Email Address: <input type="text" name="email" size "60"><br>

<input type="submit" value="submit">
 

 <?php
      print "<select name='classchoice' length='20'>";
      $classinfo="SELECT * from classes";
      $classinfo2=mysql_query($classinfo) or die("Could not select classes");
      while ($classinfo3=mysql_fetch_array($classinfo2))
      {
        print "<option>$classinfo3[name]</option>";
      }
      print "</select><br>";
?>
</form>
<?php

      print "<center><h3>Class Starting modifiers</h3></center>";
      print "<center>";
      print "<table border='0' width='70%' cellspacing='20'>";
      print "<tr><td width='25%' valign='top'>";
      print "</td>";
      print "<td valign='top' width='75%'>";
      $selectclass="SELECT * from classes";
      $selectclass2=mysql_query($selectclass) or die("could not select Classes");
      print "<table border='1' bordercolor='black' bgcolor='#ffffff'>";
      print "<tr><td><font color='cc0033'>Class<font color='ffffff'>_____________</td><td><font color='cc0033'>Attack<font color='ffffff'>_</font><td><font color='cc0033'>Defense<font color='ffffff'>_</font></td><td><font color='cc0033'>Hit Points<font color='ffffff'>_</font></td><td><font color='cc0033'>Spell Points<font color='ffffff'>_</font></td></tr>";
      while($selectclass3=mysql_fetch_array($selectclass2))
      {
       print "<tr><td>$selectclass3[name]</td><td>$selectclass3[attack]</td><td>$selectclass3[defense]</td><td>$selectclass3[hpoints]</td><td>$selectclass3[spoints]</td></tr>";
          
      }
      print "</table>";
      print "</td></tr></table>";    
      print "</center>";
    
    
?>

Code: Select all

<?php
include 'connect.php';
?>

<?php
$player=$_POST['player'];
$password=$_POST['password'];
$pass2=$_POST['pass2'];
$player=strip_tags($player);
$email=$_POST['email'];
$email=strip_tags($email);
$classchoice=$_POST['classchoice'];

if ($email == "")
{
echo "You didn't enter a email address!<br>";
echo " <A href='register.php'>Go back</a>";
exit;
}
if ($password==$pass2)
{

$isplayer="SELECT * from players where name='$player'";
$isplayer2=mysql_query($isplayer) or die("Could not query players table");
$isplayer3=mysql_fetch_array($isplayer2);

if(!$_POST['password'] || !$_POST['pass2'])
{
print "You did not enter a password<br>";
echo " <A href='register.php'>Go back</a>";
exit;
}
else if($isplayer3 || strlen($player)>21 || strlen($player)<1)
{
print "There is already a player of that name or the name you specified is over 16 letters or less than 1 letter";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
else
{
$isaddress="SELECT * from players where email='$email'";
$isaddress2=mysql_query($isaddress) or die("not able to query for password");
$isaddress3=mysql_fetch_array($isaddress2);
if($isaddress3)
{
print "There is already a player with that e-mail address";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
else
{
$password=md5($password);

 //////////////////////////////new for video 9//////////////
 $classquery="SELECT * from classes where name='$classchoice'";
  $classquery2=mysql_query($classquery) or die("Could not query classes");
  $classquery3=mysql_fetch_array($classquery2);

$SQL = "INSERT into players(name, password, email, level, exper, attack, defense, hpoints, maxhp, spoints, maxspoints,pclass) VALUES ('$player','$password','$email','1','0','$classquery3[attack]','$classquery3[defense]','$classquery3[hpoints]','$classquery3[hpoints]','$classquery3[spoints]','$classquery3[spoints]','$classquery3[name]')";
mysql_query($SQL) or die("could not register");

print "Thank you for registering!";

}
}
}

else
{
print "Your password didn't match or you did not enter a password";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
 echo " <A href='login.php'>Login Page</a><br>";
?>

Code: Select all

<form method="POST" action="authenticate.php">
User Name <input type="text" name="player" size="21">
Password <input type="password" name="password" size="21" mask="x">
<br>
<input type="submit" value="Login" name="submit">

<br><br>Not Registered? <a href='register.php'>Register

Code: Select all

<?php
include_once 'connect.php';
session_start();

if (isset($_POST['submit']))
{
  $player=$_POST['player'];
  $password=$_POST['password'];
  $player=strip_tags($player);
  $password=strip_tags($password);
  $password=md5($password);

  $query = "select name,password from players where name='$player' and '$password'";
  $result = mysql_query($query) or die("Could not query players");
  $result2 = mysql_fetch_array($result);
  if ($result2)
  { 
    $_SESSION['player']=$player;
    
    echo "<big>Logged in successfully<br>";
    echo "<A href='index.php'>Continue</a></big>";
  }
  else
  {
   echo "<big>Wrong username or password.<A href='login.php'>Try Again</a></big>";
  }
}
?>

[dlsmoker]

Yes You are right with the md5 thing, I corrected it but with the same results. The registration is different, I used another code and it works becouse it inserts values in the table in the DB. The problem is with the login script. Whatever I type I get "Wrong password" so the issue is with the if() where I check if that username has that password. Any advice ?

[Sebastian]

Actually there is a mistake in authenticate.php

Code: Select all

$query = "select name,password from players where name='$player' and '$password'";

I think it should be

Code: Select all

$query = "select name,password from players where name='$player' and password='$password'";

either way you can log with any password knowing just the login
Ive noticed it yesterday by an accident when i was making my game

regards
Sebastian

[MikeD]

Actually there is a mistake in authenticate.php

Code: Select all

$query = "select name,password from players where name='$player' and '$password'";

I think it should be

Code: Select all

$query = "select name,password from players where name='$player' and password='$password'";

either way you can log with any password knowing just the login
Ive noticed it yesterday by an accident when i was making my game

regards
Sebastian

Oh yeah I forgot about that problem in the tutorial login.

[MikeD]

Code: Select all

if ($_POST){

$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password = md5($password);

$query = "SELECT username,password FROM users WHERE username='$username'";
$result = mysql_query($query) or die("Could not query usernames");
$result2 = mysql_fetch_array($result);
if ($result){
if ($result2['password'] == $password){
$_POST['username'] = $username;
echo "<big>Logged in successfully<br>";

Should be

Code: Select all

if (isset($_POST['login'])){

$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password = md5($password);

$query = "SELECT username,password FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query) or die("Could not query usernames");
$num_rows = mysql_num_rows($result);
if ($num_rows == '1'){
//insert session code
echo "<big>Logged in successfully<br>";

[dlsmoker]

hank you for the quick answers, I solved the problem! Now there is another last thing.
When I try to encrypt the password, I fail to log in.
When I register, the password is sent in the DB encrypted, but when I try to log in with the same password and with the same code (md5()), it says wrong password. Any advice ?

[Chris]

Make sure the length of the password stored in the database is at least 32. If this is the case, show us the register code.

[MikeD]

hank you for the quick answers, I solved the problem! Now there is another last thing.
When I try to encrypt the password, I fail to log in.
When I register, the password is sent in the DB encrypted, but when I try to log in with the same password and with the same code (md5()), it says wrong password. Any advice ?

Code: Select all

$_SESSION['password'] = $_POST['password'];

need to MD5 that

Code: Select all

$_SESSION['password'] = $_POST['password'];
$_SESSION['password']=md5($_SESSION['password']

I think that's what you need.

[Chris]

hank you for the quick answers, I solved the problem! Now there is another last thing.
When I try to encrypt the password, I fail to log in.
When I register, the password is sent in the DB encrypted, but when I try to log in with the same password and with the same code (md5()), it says wrong password. Any advice ?

Code: Select all

$_SESSION['password'] = $_POST['password'];

need to MD5 that

Code: Select all

$_SESSION['password'] = $_POST['password'];
$_SESSION['password']=md5($_SESSION['password']

I think that's what you need.

Why are you storing the password in a session? Or is this possibly beyond my logic?