Back to the sign in problem

[SiKing]

Encountered the MySQL problem again. My whole login form is screwed and I cannot cope with it anymore. Help is apreciated very much.

<?php 
session_start();


include("config.php"); 

$passwordbeforemd5=$_POST['password'];

$username=$_POST['username'];
$password=md5('$passwordbeforemd5');

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error());
$id = mysql_result($query,0,"id");
$account = mysql_result($query,0,"account");


//$username=!isset($_SESSION['username'];
//$password=!isset($_SESSION['password'];

// Registering the variables uname and pwd
session_register("username","password","id", "account");

//Check user exists in database
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

//Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false
$login_check = mysql_num_rows($sql);

if ($login_check == "1") {
$_SESSION['logged_in'] = true;
include ("membersarea.php");
}
else {
include("head.php");
session_unset();
echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is
a problem, email the administrator at [email protected] or use the contact form</p>";
include("foot.php");
}



?>

That's my whole sign in verification script. Obviously a form gets posted to this script with two text fields 'username' and 'password'. I cannot login. Or when I can, it lets me log in with any password. It's very screwed up but this is my last resort. If you guys cannot help me, I'm packing the whole thing in....Thanks

 

[moondog]

What is the mySQL error that is being displayed?

-Bob

 

[SiKing]

Well, it displays :

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 13

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 14

But I can also log in with any password as long as the username is within the database. Sorry for being grumpy - very bad day

 

[Eric]

Kinda in a rush but I think this will work..

<?php
session_start();


include("config.php");

$passwordbeforemd5 = $_POST['password'];

$username = $_POST['username'];
$password = md5('$passwordbeforemd5');

$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die(mysql_error());
$id = mysql_query($query, 0, "id");
$account = mysql_query($query, 0, "account");


//$username=!isset($_SESSION['username'];
//$password=!isset($_SESSION['password'];

// Registering the variables uname and pwd
session_register("username", "password", "id", "account");

//Check user exists in database
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");

//Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false
$login_check = mysql_num_rows($sql);

if ($login_check == "1") {
$_SESSION['logged_in'] = true;
include ("membersarea.php");
}
else {
include("head.php");
session_unset();
echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is
a problem, email the administrator at [email protected] or use the contact form</p>";
include("foot.php");
}

?>

 

[SiKing]

Thanks for the help but no change :td:

 

[moondog]

Again, I think you forgot the mysql_query when you defined $query. Try changing this:

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error());
$id = mysql_result($query,0,"id");
$account = mysql_result($query,0,"account");

To this:

$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die(mysql_error());
$id = mysql_result($query,0,"id");
$account = mysql_result($query,0,"account");

-Bob

 

[SiKing]

I did try that but I must've changed it back. This prevents the PHP error but I am still able to log in with any password

 

[moondog]

Hmmm, tough but interesting one. Would you like me to have a look at it for you? I am good with troubleshooting. All I'd need is ftp access.

-Bob

 

[SiKing]

That would be brilliant. I'm just trying to fixup an FTP account which is proving difficult

 

[moondog]

After playing around with it, the problem lies here (I should have seen this in the beginning):

$password=md5('$passwordbeforemd5');

the md5 function takes a string as a parameter. You have passed it a parameter, but you have enclosed it in single quotes. When you enclose a variable in single quotes, the variable is NOT interpolated. All you have to do is change the single quotes to double quotes and it works (which I did in your script).

So in essence what was happening is that the md5() function was performing its duty on the string '$passwordbeforemd5' ALL THE TIME, and NOT what the user had entered in the password form field. This led to the SAME $password variable EVERY time.

You will need to reset the password for the specified user to whatever you want it to be, then all should work.

PM / reply if you have additional questions.

-Bob

 

[SiKing]

woAh. I cannot thank you enough!

Reputation boosted! NP $'s Donated (bit tight though, sorry)!

 

[moondog]

woAh. I cannot thank you enough!

Reputation boosted! NP $'s Donated (bit tight though, sorry)!

Welcome and no worries on the NP$. Glad I could help.

Happy coding.

-Bob