incorrect password entered error please help

pokerpodge2005

// Hi im having a problem with this code everytime i try and log in to the login page i get the error incorrect password entered even though i am entering the correct password, i know im missing something simple but is there anyone who can point me to the fault in my php code if possible please, im quite adequate in coding as i do c++ programming but im new to php and unable to highlight the problem so can you please explain in full detail if possible please so that i can understand where im going wrong, Kind regard Gary //

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>login</title>
</head>

<body>

<?php
// Connects to your Database
mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
mysql_select_db("Database_Name") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$username = $COOKIE['ID_my_site'];
$pass = $COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$POST['username'] | !$POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$POST['email'] = addslashes($POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$POST['pass'] = stripslashes($POST['pass']);
$info['password'] = stripslashes($info['password']);
$POST['pass'] = md5($POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{

// if login is ok then we add a cookie
$POST['username'] = stripslashes($POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $POST['username'], $hour);
setcookie(Key_my_site, $POST['pass'], $hour);

//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{

// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}

</body>
</html>

dagon

echo $_POST['pass'] and $info['password'] above where you compare them.

pokerpodge2005

code you highlight exactly which part of the code this is missing from please dragon, sorry if i seem silly asking this but its been doing my head in so much that im thinking straight.

pokerpodge2005

sorry dragon i'll decode what i was trying to say, could you be so kind as to highlight exactly which peice of code this is missing from please, this has been frustrating me for a few days now and just would like to resolve the problem asap. kind regards gary

bike5

change

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{

//gives error if the password is wrong
echo $_POST['pass'] .'?====?'. $info['password'].'<br/>';
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{

and tell use what that new line says when ran

pokerpodge2005

when i entered that line of code it came up with the following:

f751b81d6a30c5b589d7869b3faa9d0d?====?1d61072ed446e4e084dc85cf53a9490c
Incorrect password, please try again

bike5

well as you can see the passwords do not match each other. Try:

echo md5('yourpasswordhere').'<br/>';

change that to actually be your password, when you get the hash see if it matchs the string on the left or right of you post above this. If it still matches the left and not right, that means that password saved in the database is not that same as what you are typing.

pokerpodge2005

hi bike thanks for your reply i tried what you said and got the following:

642bdf0b8a65701e4294cf5a5a61c44b
Incorrect password, please try again.

i tried the password without md5 on in phpmyadmin and i got my password on the database i copied and pasted it into the password field and i still get the same incorrect password.

the thing is i also have a another login program which has admin, admin setup in the code as default to change later but having exactly the same problem and as above in the database the passwords are correct.

im just wondering if something my host is using is causing the problem

im using justhost.com
sql version: 5.0.77-community
php version: 5.2.9
uses Linux
ApacheL: 2.2.11 (Unix)
and i have PEAR PHP available.