Login script not working!

General PHP Help
#1

Login script works if I just set password in database as a regular varchar text and don’t decrypt password in scripts so I know it has something to do with how I set the password such as to sha(‘password’) and maybe, i need to do something else to it before submitting in queries to database but I don’t know what. Each time time a user tries to log in, $count is 0.
Please help me out by pointing to where I need to fix or what to add in. I just need a very basic and simple login page that works.
Registration script:
[php]<?php
include “header.php”;
$user_name= $_POST[‘user_name’];
$pass=$_POST[‘pass’];
$pass1=$_POST[‘pass1’];
$First_name=$_POST[‘First_name’];
$Last_name=$_POST[‘Last_name’];

if (isset($_POST[‘submit’])) {
if(empty($user_name)) {
echo ‘You need to fill in a username’;
} else {
trim($user_name);
}
if(!empty($pass)) {
if ($pass != $pass1) {
echo ‘Your password did not match the confirmed password.’;
} else {
trim($pass);
}
} else {
echo ‘You forgot to enter your password.’;
}
if(empty($First_name)) {
echo ‘You forgot to put in your first name’;
} else {
trim($First_name);
}
if(empty($Last_name)) {
echo ‘You forgot to put in your last name’;
} else {
trim($Last_name);
}
if(!empty($user_name) && !empty($pass) && !empty($pass1) && !empty($First_name) && !empty($Last_name) && ($pass==$pass1)){
$dbc = mysqli_connect(‘localhost’, ‘’, ‘’, ‘’)
or die(‘Error connecting to MySQL server.’);

	$query = "INSERT INTO mablib_user (user_id, user_name, pass, First_name, Last_name) VALUES (NULL, '$user_name', SHA('$pass'), '$First_name', '$Last_name' )";
	$result = mysqli_query($dbc, $query)
		or die('Error querying database.');
	echo '<p>Your account has been successfully created. You are now ready to log in<a href="MainPage.php">Log In Now!</a></p>';

	mysqli_close($dbc);
}

}
?>[/php]
LoginForm

<form method="post" action="login.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>User Login</strong></td> </tr> <tr> <td width="78">Username:</td> <td width="294"><input type="text" name="user_name" id="user_name"></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="pass"></td> </tr> <tr> <td>&nbsp;</td> <td>&nbsp;</td> <td><input type="submit" name="submit" value="Login!"></td> </tr> </table> </td> </form>

login.php
[php]<?php
session_start();
include “header.php”;
$dbc = mysqli_connect(‘localhost’, ‘’, ‘’, ‘’)
or die(‘Error connecting to MySQL server.’);

$user_name = $_POST[‘user_name’];
$pass = $_POST[‘pass’];

$user_name = stripslashes($user_name);
$pass = stripslashes($pass);
$user_name = mysqli_real_escape_string($user_name);
$pass = mysqli_real_escape_string($pass);
	
$query = "SELECT * FROM user 
					WHERE user_name ='$user_name' 
					and pass = SHA('$pass')";
					
$result = mysqli_query($dbc, $query)
		or die('Error querying database.');
		
$count = mysqli_num_rows($result);
		if($count==1) {
			$_SESSION['user_name'] = $user_name;
			$_SESSION['user_id'] = $user_id;
			header("location:storychoice.php");
		}
		else {
		echo "You must enter a valid username and password. If you are NOT a registered user, please <a href='register.php'>Register</a>.";
		}
			mysqli_close($dbc);

?>[/php]
Database SQL Table for users
DATABASE
CREATE TABLE IF NOT EXISTS user (
user_id int(10) unsigned NOT NULL AUTO_INCREMENT,
user_name varchar(30) NOT NULL,
pass char(40) NOT NULL,
First_name varchar(50) NOT NULL,
Last_name varchar(50) NOT NULL,
PRIMARY KEY (user_id)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;

Thanks in Advance!!

#2

I have not ever used SHA() (and don’t know if it exists)

Why don’t you do this instead…

$pass = hash(‘sha256’, $_POST[‘pass’];

in your registration you should either hash both passwords right away and then compare them, or compare them and then encrypt the pass and insert it into the db. You should also change the varchar to 64 characters instead of 40

#3

I found some mistake in both of your queries, the register and login

the query for register should be

[php]
$query = “INSERT INTO mablib_user (user_id, user_name, pass, First_name, Last_name) VALUES (NULL, ‘$user_name’,’”.SHA(’$pass’)."’, ‘$First_name’, ‘$Last_name’ )";
[/php]

the query for login should be
[php]
$query = “SELECT * FROM user WHERE user_name =’$user_name’ AND pass = '”.SHA(’$pass’)."’";
[/php]

Copy and replace the whole query

Good luck and let me know if it works

#4

Yes, it is working now if i put down the code you gave me. Thank you for taking the time to look over it and help me with this. Happy Thanks Giving! :slight_smile:

#5

not a problem

Happy thanksgiving you too

Sponsor our Newsletter | Privacy Policy | Terms of Service