here's the whole login page...
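<?php
/*
 * Login handler. On a submitted form it checks the username/password pair
 * against the users table, sets the first_name and user_id cookies and
 * redirects to loggedin.php; otherwise it collects an error message that is
 * printed above the form.
 *
 * Fixes relative to the posted version:
 *  - the superglobals are $_POST and $_SERVER ($POST / $SERVER are ordinary,
 *    undefined variables, so the handler never ran);
 *  - the query is actually sent with mysql_query() and a failed query is
 *    handled instead of being hidden behind "@";
 *  - forum markup ("[url]...[/url]") is removed from the Location header.
 *
 * NOTE(review): the mysql_* extension used throughout this page was removed
 * in PHP 7. Moving to mysqli or PDO with prepared statements needs a change
 * in ../mysql_connect.php as well, so it is not done here.
 */
if (isset($_POST['submit'])) {

    // Presumably opens the connection and defines $dbc - confirm in that file.
    require_once('../mysql_connect.php');

    /**
     * Prepare a submitted value for use inside a quoted SQL string literal.
     *
     * Undoes magic_quotes_gpc slashes when that setting is on, then escapes
     * the value with the connection's character set in mind.
     *
     * @param string $data Raw form value.
     * @return string Escaped value.
     */
    function escape_data($data)
    {
        global $dbc;
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
        }
        return mysql_real_escape_string($data, $dbc);
    }

    $message = NULL;

    // is_string() rejects array-valued fields (username[]=...), which would
    // otherwise reach mysql_real_escape_string() and raise a warning.
    if (empty($_POST['username']) || !is_string($_POST['username'])) {
        $u = FALSE;
        $message .= '<p>You forgot to enter your username!</p>';
    } else {
        $u = escape_data($_POST['username']);
    }

    if (empty($_POST['password']) || !is_string($_POST['password'])) {
        $p = FALSE;
        $message .= '<p>You forgot to enter your password!</p>';
    } else {
        $p = escape_data($_POST['password']);
    }

    if ($u && $p) {

        // Both values are escaped above and sit inside quotes.
        // NOTE(review): MySQL's PASSWORD() is intended for the server's own
        // account table, not for application passwords. Switching to
        // password_hash()/password_verify() requires re-hashing the stored
        // values, so the query is left as posted.
        $query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";
        $result = mysql_query($query);

        if ($result === FALSE) {
            // Keep database details out of the page; record them server-side.
            error_log('Login query failed: ' . mysql_error());
            $row = FALSE;
        } else {
            $row = mysql_fetch_array($result, MYSQL_NUM);
        }

        if ($row) {
            // NOTE(review): cookie values are under the client's control. If
            // loggedin.php or other pages treat user_id as proof of login,
            // they should check a server-side session instead.
            setcookie('first_name', $row[1]);
            setcookie('user_id', $row[0]);

            // rtrim() avoids a doubled slash when the script lives in the
            // web root, where dirname() returns "/" (or "\" on Windows).
            // NOTE(review): HTTP_HOST is taken from the request; a configured
            // site host name would be a safer base for the redirect.
            $base = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            header("Location: http://" . $_SERVER['HTTP_HOST'] . $base . "/loggedin.php");
            exit();
        } else {
            $message = '<p>The username and password entered do not match those on database.</p>';
        }

        mysql_close();

    } else {
        $message .= '<p>Please try again</p>';
    }
}

$page_title = 'login';
include ('templates/header.inc');

// $message only ever holds the fixed strings assigned above, so it is
// printed without escaping.
if (isset($message)) {
    echo '<font color="red">', $message, '</font>';
}
?>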
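<?php
// Login form. Both values echoed into attributes come from the request
// (PHP_SELF includes any extra path info, username is the submitted field),
// so they are HTML-escaped and the attributes are quoted.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>Username:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username']) && is_string($_POST['username'])) echo htmlspecialchars($_POST['username'], ENT_QUOTES); ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="10" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</fieldset>
</form>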
<?php
// Finish the page with the shared footer template.
include 'templates/footer.inc';
?>