If Password Entered Wrong, Real Password Changes

Hi all, I’ve stumbled over a bug which I’m not sure how to fix. For some reason, my login code is messed up? If I enter the username and password correctly, nothing happens and I log in. Yet if I enter a wrong password, it tells me my password is wrong (like it should) yet changes the database password to something random? So neither what I just typed nor the actual password is correct… any help with this?

Here’s the basic login code, without anything sanitized and whatnot:

[code]<?php

if($loggedin == '0')
{
if(isset($_POST['submit']))
{

// Make sure all forms were filled out.

if((!isset($_POST['username'])) ||
(!isset($_POST['pass']))
|| ($_POST['username'] == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely.


Continue");

// Get user's record from database
$player = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."' AND active IS NULL");
$player = mysql_fetch_assoc($player);
mysql_real_escape_string($username);
mysql_real_escape_string($password);

if($player['id'] == false)
die("Sorry, that user is not in our database or your account isn't activated.


Back");
else if($player['password'] != md5($_POST['pass']))
die("Wrong password!


Back");

$_SESSION['id'] = $player['id'];
$_SESSION['username'] = $player['username'];
$_SESSION['password'] = $player['password'];
$_SESSION['callname'] = $player['callname'];
$_SESSION['email'] = $player['email'];

$date = date("m/d/y");

$update = @mysql_query("UPDATE users SET lastlogin = '$date' WHERE id = '".$_SESSION['id']."'");

echo '';

}
else
{
echo '

<tr align=center>
<td width=200px>
<i><b>Sign in</b></i></td></tr>
<tr><td valign=middle>
	<table><tr><td><input type=text name=username placeholder=Username size=25></td></tr></table>
</td></tr>
<tr>
<td valign=middle>
	<table><tr><td><input type=password placeholder=Password name=pass size=25></td></tr></table>
</td>
</tr>
<tr><td align=right width=200px><input type=submit name=submit value=Login class=button><br /><br /><a href=#>Register!</a> or <a href=forgotpass.php>Forgot password?</a>
</form><br /><br /></td><tr><td align=left><iframe src="chat.php" width="100%" height="410px" align="left" frameborder="0" style="overflow:visible;"></iframe></tr></td></div>
</tr></table></div></center>';

}
}

else
{
$player_q = mysql_query("SELECT callname FROM users WHERE id = '".$_SESSION['id']."'");
$player_r = mysql_fetch_assoc($player_q);
$player = $player_r['callname'];

echo '


Welcome Back!
Hey again, '.$player.'!

Gold: 0
Inbox Status:Old

Recent Posts: Old

2 users online


Logout?

';

echo '

';

}

?>[/code]

There’s nothing in that code that would randomize the password and update the database. Some odd chance you have a trigger on the database or something?

But… what’s going on with:
mysql_real_escape_string($username);
mysql_real_escape_string($password);

Where is $password being used? I’m also curious if there’s something weird going on with magic_quotes_gpc and your “random password” is a password string hashed with slashes present.

Soapbox: Dump the mysql code in favor of mysqli or PDO - mysql is being deprecated. PDO will make your life a whole lot easier. End Soapbox :wink:

I think the problem is the edit profile page, which allows one to change the password, but I can’t seem to find the problem:

[code]<?php

include('config.php');
include('header.php');
if($_SESSION['id']=="") {
header("Location: YouMustLogInNotice.html");
}

if(isset($_POST['btnedit'])){
$callname = $_POST['callname'];
$email = $_POST['email'];
$password = md5(mysql_escape_string($_POST['password']));

$sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" );

if($sql){
echo "";
}else{
echo "";
}

}

$sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" );
$row = mysql_fetch_array($sql);

$user = $userfinal;

echo "

Edit profile

ID#: ".$user."
Name:
Email:
Password:
Registered: ".$row['registered']."
Last Login: ".$row['lastlogin']."

";

?>

<?php include('footer.php'); ?>[/code]

PDO, huh? Will check it out later. ^^
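The PDO route suggested in the reply, as an added example that is not code from the thread: the login lookup binds the username as a parameter instead of calling an escape function after the query, and the profile edit only writes the password column when a new password was actually typed (the posted update writes `md5()` of the submitted field on every save). Assumptions: an in-memory SQLite database stands in for MySQL, `password_hash()`/`password_verify()` replace `md5()`, and the function names `login` and `editProfile` are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL database (assumption);
// table and column names follow the queries posted in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT,
           callname TEXT, email TEXT, active TEXT)');

// Constructed sample account.
$db->prepare('INSERT INTO users (username, password, callname, email) VALUES (?, ?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Alice', 'alice@example.test']);

// Login: the username travels as a bound parameter, never as part of the SQL text.
function login(PDO $db, string $username, string $pass): ?array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = ? AND active IS NULL');
    $stmt->execute([$username]);
    $player = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($player === false || !password_verify($pass, $player['password'])) {
        return null; // unknown user or wrong password: nothing is written
    }
    return $player;
}

// Profile edit: the password column is only touched when a new password was typed.
function editProfile(PDO $db, int $id, string $callname, string $email, string $newPass): void
{
    $db->prepare('UPDATE users SET callname = ?, email = ? WHERE id = ?')
       ->execute([$callname, $email, $id]);
    if ($newPass !== '') {
        $db->prepare('UPDATE users SET password = ? WHERE id = ?')
           ->execute([password_hash($newPass, PASSWORD_DEFAULT), $id]);
    }
}

var_dump(login($db, 'alice', 'wrong') === null);            // failed login changes nothing
var_dump(login($db, "o'brien", 'x') === null);              // a quote in the username is plain data
editProfile($db, 1, 'Ally', 'alice@example.test', '');      // password field left empty
var_dump(login($db, 'alice', 'correct horse')['callname']); // old password still works
```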
