[Resolved] md5 login....i'm about to tear my hair out!

heavenly

I have been wrestling with this all evening and for the life of me cannot figure out what I'm doing wrong. I store passwords for my users in md5 format. I am working on the login script now and can't figure out what I'm doing wrong. I borrowed some code posted by another user as part of my script:

 <?php  

// Begin Session 
session_start();  

// Log into MySQL database 
$db = mysql_connect("localhost", "heavenly_affilia", "dk#5h") or die ("Could not connect");   

mysql_select_db("heavenly_affil") or die ("Could not select db");   

if((!$us) || (!$pa)) { 
echo " 
<form action=\"index.php\" method=\"post\">
  <table width=\"28%\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"1\">
    <tr> 
      <td width=\"33%\">Affiliate ID</td>
      <td width=\"67%\"><input type=\"text\" name=\"us\"></td>
    </tr>
    <tr> 
      <td>Password</td>
      <td><input type=\"password\" name=\"pa\"></td>
    </tr>
    <tr> 
      <td colspan=\"2\"><div align=\"right\"> 
          <input type=\"submit\" name=\"Submit\" value=\"Login\">
        </div></td>
    </tr>
    <tr> 
      <td colspan=\"2\"><a href=\"lostpass.php\">Lost Password</a></td>
    </tr>
    <tr>
      <td colspan=\"2\"><a href=\"http://affiliates.heavenly-web.com/signup.php\">Register</a></td>
    </tr>
  </table>
</form> 
"; 

} else { 

// Make Username and Password lowercase  

$us = strtolower($us); 
$pa = strtolower($pa); 

// Check Both Username and Password Are Not Empty  

if((!$us) || (!$pa)){  

print "Please Ensure You Have Entered a Username and Password!"; 
exit; 
}  

// Check the Username Entered Exists in DB  

$userexist = mysql_query("SELECT * FROM `affiliates` WHERE aff='$us'",$db);   

if(mysql_num_rows($userexist) == 0) {  

print "The Username You Entered Does Not Exist."; 
exit; 
}  

// Check Password  

$login = mysql_query("SELECT * FROM `affiliates` WHERE aff='$us' and pass='". md5($pa) ."'",$db);   

if(mysql_num_rows($login) == 0) {  

print "Invalid Password For This Username!"; 
exit; 
}  

// Write Session Variables  

$_SESSION[logged_in] = "yes"; 
$_SESSION[username] = $us; 

// If All Correct, Print Confirmation  

print "Logged In!"; 

} 

?>

Whenever I try to do a test login, I get
'Invalid Password for Username'
even when I know I am entering it correctly.
Please help!😕

LordShryku

Lil debug...
Break your password check part up like this to echo the SQL to the screen and make sure it's what it's supposed to be...

$sql = "SELECT * FROM `affiliates` WHERE aff='$us' and pass='". md5($pa) ."'";
echo $sql;

heavenly

Ok, I entered this line:

$sql = "SELECT * FROM `affiliates` WHERE aff='$us' and pass='". md5($pa) ."'";

and received this message:

SELECT * FROM affiliates WHERE aff='az' and pass='202cb962ac59075b964b07152d234b70'
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/path/to/login/index.php on line 61
Invalid Password For This Username!

Now, the password in the db is stored like
d41d8cd98f00b204e9800998ecf8427e

and line 61 is

if(mysql_num_rows($login) == 0) {

Not sure if this will help, but this is the script that stores the user name and password in the db:

<?
require "aff.php";
$p = (md5($pass));
mysql_connect($host,$usr,$pwd);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO affiliates VALUES ('','$firstname','$lastname','$email','$street','$city','$state','$zip','$website','$aff','$p')";
mysql_query($query);

mysql_close();
?>

heavenly

I'm not exactly sure what i did but i got it to work 😃. I changed this:

// Check Password   

$login = mysql_query("SELECT * FROM `affiliates` WHERE aff='$us' and pass='". md5($pa) ."'",$db);    

if(mysql_num_rows($login) == 0) {   

print "Invalid Password For This Username!";  

exit;  

}

to this

// Check Password
$p = (md5($pa));
$login = mysql_query("SELECT * FROM `affiliates` WHERE aff='$us' and pass='$p'",$db);
if(mysql_num_rows($login) == 0) {  

print "Invalid Password For This Username!<br><br>$pa | ($p)"; 
exit; 
}

LordShryku

Could be the extra set of parenthases.....though I don't know why that would be affecting it.