Hi, I have been reading a book called "PHP in easy steps" by Mike McGrath.
This book has an example of a log-in form which uses PHP & MySQL to authenticate users.
I have copied the example into my trial webserver and set up a test MySQL database, but the form doesnt work.
When I click sign in it always fails, the problem seems to lie with the query sent to MySQL:
$sql="select * from users where user_name=\"$username\" and password = password( \"$password\" )";
If I remove the password bit and log-in with the Username & encrypted password from MySQL it works fine - so I assume it must be an error with the password being encrypted (the password is encrypted and then compared against the encrypted password held in MySQL).
The werid thing is the password bit works fine on another form where it creates a new user and adds it to the database.
But thats as far as my knowledge goes on this subject, and I haven't got a clue what to do next. If it's any help, I could post the enitre contents of the files.
I am not getting any errors from PHP or MySQL, rather my login script is always saying 'your username or password is invalid', even if the username and password are valid.
I have narrowed it down to being something to do with the encryption of the password; the password is encrypted (at least it should be) and then is compared against the encrypted record in MySQL. It seems the line I quoted earlier is not correctly encrypting the password before it is being compared.
I tried removing the encryption part so it just compared the password directly against the encrypted one and tried to log in using the username and the encrypted password, and it worked fine (my logon was allowed).
Any ideas anyone?
Thanks
PHP/MySQL Log-In Form - Help!
4 posts
• Page 1 of 1
PHP/MySQL Log-In Form - Help!
by Ben Last » Sat 2005 Oct 01 7:45
No trees were harmed in the construction of this message, however many electrons were terribly inconvenienced.
-
Ben Last - Consulting Ambassador
- Posts: 475
- Joined: Fri 2005 Jan 21 7:47
- Location: Stowmarket
by Ben Last » Sun 2005 Oct 02 8:11
Is there any way I can echo the password to the screen after it has been encoded from the form data?
As this would prove it is being correctly encoded.
As this would prove it is being correctly encoded.
No trees were harmed in the construction of this message, however many electrons were terribly inconvenienced.
-
Ben Last - Consulting Ambassador
- Posts: 475
- Joined: Fri 2005 Jan 21 7:47
- Location: Stowmarket
by Spock » Mon 2005 Oct 03 11:57
Simply format and print the variable to the screen as you would any other information.
You might find it useful to output it in an information box with a close button so you have time to see it. You might also want to put visible delimiters at start and end in case there are any hidden characters included in the variable.
You might find it useful to output it in an information box with a close button so you have time to see it. You might also want to put visible delimiters at start and end in case there are any hidden characters included in the variable.
-
Spock - Forum Admin
- Posts: 2417
- Joined: Tue 2005 Jan 18 10:47
- Location: MD, USA
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests