
Re: Video#5

Posted: Fri Jun 24, 2011 1:59 am
by Nexus
For the authenticate.php it keeps saying wrong username or password when I KNOW what I am entering is correct.
Here is my authenticate.php


<link href="style.css" rel="stylesheet" type="text/css" />
<div id="authenticate" align="center">
<?php
include 'logo.php';
?>
<?php
    include_once 'connect.php';
    session_start();

    if (isset($_POST['submit']))
    {
      $player=$_POST['name'];
      $password=$_POST['password'];
      $player=strip_tags($player);
      $password=strip_tags($password);
      $password=md5($password);

      $query = "select name,password from players where name='$player' and password='$password'";
      $result = mysql_query($query) or die("Could not query players");
      $result2 = mysql_fetch_array($result);
      if ($result2)
      {
        $_SESSION['player']=$player;
       
        echo "Logged in successfully<br/>";
        echo "<A href='index.php'><input type='button' value='Enter the game!' name='button'>";
      }
      else
      {
       echo "Wrong username or password.<br/>";
	   echo	"<A href='login.php'><input type='button' value='Go Back!' name='button'>";
      }
    }
    ?>

Here is my login.php as well


<?php
include 'logo.php';
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<form method="POST" action="authenticate.php">
<div id="login" align="center">
Username: <input type="text" name="name" size="21" /><br />
Password: <input type="password" name="password" size="12" mask="x" /><br />
<input type="submit" value="Login" name="submit" /><br />
</form>
Not registered? Register here! <a href="register.php"><input type="button" value="Register" name="button" />
 </div>

Re: Video#5

Posted: Fri Jun 24, 2011 11:11 am
by ConceptDestiny
You need to check that the db username and db password equal what the user typed in. Here's a quick way you can achieve that:


Replace your if($result2) with:
if ($result2['name'] == $player AND $result2['password'] == $password)
Don't forget to protect your $_POST and $_GET methods from SQL injections
http://php.net/manual/en/security.datab ... ection.php

Appending mysql_real_escape_string on your $_POST covers most SQL injections, if not all, I believe? For example:
$username = mysql_real_escape_string($_POST['username']);

Re: Video#5

Posted: Fri Jun 24, 2011 1:32 pm
by hallsofvallhalla
Is your password field in the DB set to 32 characters or more?

Re: Video#5

Posted: Fri Jun 24, 2011 3:17 pm
by Nexus
It's set to 12

Re: Video#5

Posted: Fri Jun 24, 2011 3:23 pm
by ConceptDestiny
Ah, then you must change it to 32 character length, as the MD5 encryption creates a 128-bit hash value which requires 32 characters for the field. :)
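
The two points raised so far in this thread (keeping user input out of the SQL string, and a password column too short for the stored hash), shown together as an added example that is not part of any post above. It assumes PDO with an in-memory SQLite database in place of the MySQL connection from connect.php; the table layout, function names and sample account are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection from connect.php, and the
// players table layout and sample account are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (name TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration side: store the full hash. An md5() hex digest is 32 characters
// and a password_hash() value is 60 or more, so a 12-character column cuts
// either one short and every later comparison fails.
function register(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO players (name, password) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login side: the name travels as a bound parameter, never inside the SQL
// string, and the hash is checked in PHP with password_verify().
function authenticate(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM players WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();          // false when no such player exists
    return $hash !== false && password_verify($password, $hash);
}

register($db, 'Nexus', 'correct horse');   // constructed sample account

var_dump(authenticate($db, 'Nexus', 'correct horse')); // matching password
var_dump(authenticate($db, 'Nexus', 'wrong'));         // non-matching password
var_dump(authenticate($db, "O'Neil", 'anything'));     // quote in the name is plain data

// The effect of a 12-character column on an md5() value, as in this thread:
$full      = md5('correct horse');
$truncated = substr($full, 0, 12);         // what a 12-character column keeps
var_dump(strlen($full), $truncated === $full);
```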

Re: Video#5

Posted: Fri Jun 24, 2011 3:25 pm
by Nexus
I changed it and I'm still getting the problem :/

Re: Video#5

Posted: Fri Jun 24, 2011 3:26 pm
by ConceptDestiny
Show us your updated code. :)

Re: Video#5

Posted: Fri Jun 24, 2011 3:28 pm
by Nexus
Here it is (authenticate.php)


<link href="style.css" rel="stylesheet" type="text/css" />
<div id="authenticate" align="center">
<?php
include 'logo.php';
?>
<?php
    include_once 'connect.php';
    session_start();

    if (isset($_POST['submit']))
    {
      $player=$_POST['name'];
      $password=$_POST['password'];
      $player=strip_tags($player);
      $password=strip_tags($password);
      $password=md5($password);

      $query = "select name,password from players where name='$player' and password='$password'";
      $result = mysql_query($query) or die("Could not query players");
      $result2 = mysql_num_rows($result);
      if ($result2['name'] == '$player' AND $result2['password'] == '$password')
      {
        $_SESSION['player']=$player;
       
        echo "Logged in successfully<br/>";
        echo "<A href='index.php'><input type='button' value='Enter the game!' name='button'>";
      }
      else
      {
       echo "Wrong username or password.<br/>";
	   echo	"<A href='login.php'><input type='button' value='Go Back!' name='button'>";
      }
    }
    ?>

Re: Video#5

Posted: Fri Jun 24, 2011 3:30 pm
by ConceptDestiny
Check the existing value for the password you're trying to use, as it may be truncated.

Re: Video#5

Posted: Fri Jun 24, 2011 3:32 pm
by Nexus
So check code or my database?