Chrome modifying user input

sphawes · April 25, 2012, 3:27pm

Hello All!

I am currently working on a fairly simple site that includes a login function. All the users have been created using Safari, and have been working just fine. But I have recently attempted to login to my account via Chrome, and was redirected to my “Login Denied” page. I made quite sure I did not type it incorrectly, and even copied the password from phpMyAdmin and pasted it into the form field; I was still redirected.

I then made a new user in Chrome, and looked to see what the database had received as that user’s information. The new user’s username was “blah” and password was “blah.” When I checked it in the database, i found that the username was as i had inputted it, but the password was “blPr.”

I have retested this to ensure this was not a typo.

Does anyone have any idea why Chrome is editing what the user is inputting and transferring via $_POST?

My code is below.

The form at index.php:

<h2>Sign up</h2><br />
    <form action="signup.php" method="post">
        <p>Username: </p><input type="text" name="username" /><br /><br />
        <p>Password: </p><input type="password" name="password" /><br /><br />
        <input type="submit" value="Enter" />
    </form>

The page handling the login, two.php:
[php]

<?php $mysql_host = "host"; $mysql_database = "database"; $mysql_user = "user"; $mysql_password = "password"; $connect = mysql_connect($mysql_host,$mysql_user,$mysql_password); mysql_select_db($mysql_database,$connect); $user = $_POST["username"]; $pass = $_POST["password"]; $query_check = "SELECT password FROM users WHERE username='".$user."'"; $check = mysql_query($query_check); $row = mysql_fetch_array($check, MYSQL_ASSOC); $final = $row["password"]; if ($final != $pass) { header("Location:http://stakket.com/incorrect.php"); } else { $expire = time()+60*60*24*30*12; setcookie("user",$user,$expire,"/",".stakket.com"); header("Location:http://stakket.com/home.php"); } ?>

[/php]

Thank you in advance for your help!

-sphawes

plintu · April 25, 2012, 6:18pm

Try doing some checks and see what you are getting and where the error is:

[php]

<?php $mysql_host = "host"; $mysql_database = "database"; $mysql_user = "user"; $mysql_password = "password"; $connect = mysql_connect($mysql_host,$mysql_user,$mysql_password); mysql_select_db($mysql_database,$connect)or die("MySQL ERROR : ".mysql_error()); $user = $_POST['username']; $pass = $_POST['password']; $check = mysql_query("SELECT password FROM users WHERE username='".$user."'") or die("MySQL ERROR 2: ".mysql_error()); $row = mysql_fetch_assoc($check); $final = $row['password']; if ($final != $pass) { echo"Posted password is: $final mysql password is: $pass"; // header("Location:http://stakket.com/incorrect.php"); } else { $expire = time()+60*60*24*30*12; setcookie("user",$user,$expire,"/",".stakket.com"); header("Location:http://stakket.com/home.php"); } ?>[/php]

ErnieAlex · April 27, 2012, 8:52pm

One other issue that I noted on a couple sites is that Chrome might be pulling a saved password and using that.
You should check your stored passwords. Here is a link that explains how to check them:
http://www.tothepc.com/archives/2-ways-to-view-passwords-stored-in-google-chrome/

One other item I found is the Chrome-Sync which if on can cause issues with passwords. Turn that off unless you really need it for something.

Let us know if you do or don’t figure it out…