Login form error

iNFERiON

I am trying to get a login form to work, but for some reason, it's getting stuck at some point.

The login form looks like this:

if(!isset($_SESSION['auth'])){
	echo "You are not logged in yet, please do so.";
	echo "<form action=\"login.php\" method=\"post\" name=\"login\" id=\"login\">";
  	echo "<p>User:";
	echo "<input name=\"user\" type=\"text\" id=\"user\" maxlength=\"10\">";
	echo "<br>";
	echo "Password:";
	echo "<input name=\"pass\" type=\"password\" id=\"pass\">";
	echo "</p>";
	echo "<p>";
	echo "<input name=\"LoginButton\" type=\"submit\" id=\"LoginButton\" value=\"Login\">";
	echo "</p>";
	echo "</form>";
	}

This is what my login.php looks like and where it gets stuck too. Won't get past this file.

<?
// login.php - Login Parser
include('passdb.php');

if($_POST['user'] == "Admin") {
	if(md5($_POST['pass']) == $pass01) {
		session_start();
		$_SESSION['group'] = "admins";
		$_SESSION['auth'] = $pass01;
		header("Location: index.php");
		exit;
	} else {
		echo "Access Denied";
		exit;
	}
} else {
echo "Login failed: Unkown user.";
exit; }
?>

And this is the content of passdb.php:

<?
// passdb.php - Password database
$pass01 = "MD5 Hash Here";
exit;
?>

Off course I have put a valid MD5 hash in the real file, this is just an example of the constuction. Where did I go wrong, can't find it, although I am tired, I feel dumb and help-needing anyway :p

dalecosp

I assume that you've used an echo() or print() statement to verify that $_POST['pass'] is actually equivalent to the md5 hash?

There could be encoding issues, for example....

iNFERiON

Ah, I indeed was too tired yesterday to see my dumb mistake. In the pass db file, I put this:

$pass01 = "MD5 Hash Here";
exit;

The exit killed the login.php actions off course :p
Problem is fixed now.

dalecosp

iNFERiON wrote:
Ah, I indeed was too tired yesterday

....

Well, at least you have a good excuse ... check out this thread and see what the rest of us have done ... usually for no good reason whatsoever 😃