
Authenticate.php is accepting (almost) all passwords #SOLVED

Posted: Tue Jan 05, 2010 2:12 am
by RolsenRoyce
I had put my interests on ice until now.
I got stuck at this login page, which did not work as I expected.

Authenticate.php just doesn't seem to care about passwords.
Code:

<?php
//
//      Authenticate
//
include_once 'connect.php';
session_start();

if (isset($_POST['submit']))
{
  $player=$_POST['player'];
  $password=$_POST['password'];
  $player=strip_tags($player);
  $password=strip_tags($password);
  $password=md5($password);
  
  $selection = "select name,password from players where name='$player' and '$password'";
  $query = mysql_query($selection) or die ("Could not query players");
  $array = mysql_fetch_array($query);
  if ($array)
  {
    $_SESSION['player']=$player;
    echo "Login successful<br>";
    echo "<A href='test.php'>YES!</a>"; // Edit this to main later, add timeout to forward.
  }
  else
  {
    echo "Login failed";
  }
}
//Login accepts random passwords, why?
?>
I created a User:Royce with Pass:Royce
It does not accept: Royce
It accepts: R0yce, asfrwsgser899

Also included:
Login.php

Code:

<?php
//
//      Login
//
?>
<form method="POST" action="authenticate.php">
User Name <input type="text" name="player" size="21"><br>
Password <input type="text" name="password" size="21" mask="x">
<br>
<input type="submit" value="Login" name="submit">
</form>

I hope this is enough to debug.
I just need a name, and login with a random password

Re: Authenticate.php is accepting (almost) all passwords

Posted: Tue Jan 05, 2010 5:37 am
by jpoisson

Code:

$selection = "select name,password from players where name='$player' and '$password'";
Replace with this:

Code:

$selection = "select name,password from players where name='$player' and password='$password'";
This should fix your error.
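Why the original query let most passwords through, as an added example that is not part of the thread: in `name='$player' and '$password'` the MD5 hex string is a bare condition, so the database converts it to a number from its leading digits and treats any nonzero result as true. The sketch uses Python with an in-memory SQLite database as an offline stand-in for MySQL (it applies the same leading-digit conversion); the function names are hypothetical and the player row is constructed.

```python
import hashlib
import re
import sqlite3

def md5_hex(password):
    # md5 is kept only because the thread's code uses it.
    return hashlib.md5(password.encode()).hexdigest()

def truthy_as_sql_number(text):
    """Emulate a hex digest used as a boolean: only the leading run of
    decimal digits counts, and any nonzero digit in it means TRUE."""
    prefix = re.match(r"[0-9]*", text).group()
    return any(ch != "0" for ch in prefix)

def make_db():
    # Constructed sample data: one player whose password is "Royce".
    db = sqlite3.connect(":memory:")
    db.execute("create table players (name text, password text)")
    db.execute("insert into players values (?, ?)", ("Royce", md5_hex("Royce")))
    return db

def buggy_login(db, player, password):
    # Same shape as the original query: the hash is never compared to a column.
    digest = md5_hex(password)
    sql = f"select name from players where name='{player}' and '{digest}'"
    return db.execute(sql).fetchone() is not None

def fixed_login(db, player, password):
    # The corrected comparison, with bound parameters instead of interpolation.
    sql = "select name from players where name=? and password=?"
    row = db.execute(sql, (player, md5_hex(password))).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    for guess in ("Royce", "R0yce", "asfrwsgser899"):
        print(guess, md5_hex(guess)[:6],
              "buggy:", buggy_login(db, "Royce", guess),
              "fixed:", fixed_login(db, "Royce", guess))
```

With the buggy query the stored password is irrelevant: whether a login succeeds depends only on the first characters of the submitted password's hash.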

Re: Authenticate.php is accepting (almost) all passwords #SOLVED

Posted: Tue Jan 05, 2010 12:31 pm
by RolsenRoyce
Thank you jpoisson!