One php file not working in membership script

Question

My membership script is working except this one file. When I type username and password in the login form the check.php gives me this message "Please enter all information". The only information on the login form is username and password. The action of the login form is posted on check.php

I need this script to check the username and md5 encrypted password in my database and redirect to member area. I'm using random passwords. This is the only problem. Here is the check.php script. Please let me know what I need to do for this to work. I got this script from someone else and they don't know how to fix it either. I don't know php. Just want to copy and paste. Thanks

============================

<?
/* Check Username Script */
session_start();  // Start Session

include 'database.php';
// Conver to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){
    echo "Please enter ALL of the information! <br />";
    include 'login_form.html';
    exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }
        // Register some session variables!
        session_register('first_name');
        $_SESSION['first_name'] = $first_name;
        session_register('last_name');
        $_SESSION['last_name'] = $last_name;
        session_register('email_address');
        $_SESSION['email_address'] = $email_address;
        session_register('special_user');
        $_SESSION['user_level'] = $user_level;

        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

        header("Location: members.php");
    }
} else {
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
    Please try again!<br />";
    include 'login_form.html';
}
?>

This is the only part of the script that I could copy here. I'm using sessions. Action is POST.

Answer 1

It sounds like a typo, either when you set the $username $password variables, or in your form. Check that name is correct on the form inputs :)

also, it is better to use isset($username) instead of !$username. Doesn't give a warning :)

Answer 2

Hi starlight22,

please post the content of login_form.html. I guess that this form is either using GET instead of POST or the input fields are not named "username" and "password".

Something else: This code contains a very serious security issue:

$username = $_POST['username']
mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");

This means that an attacker can manipulate the sql statement. For example the username:

admin'--

will result in this sql query:

SELECT * FROM users WHERE username='admin'--' AND password='egal' AND activated='1'

which means:

SELECT * FROM users WHERE username='admin'

And will grant access if a user named "admin" exists, ignoring the password.

Note: Filtering for -- will not help as there are number of other ways to have fun with this. You need to mysql_real_escape_string($username) to escape special characters in the input. More information is available at http://php.net/manual/en/function.mysql-real-escape-string.php

Answer 3

In your form, make sure the input fields that ask for the username and password have the correct name associated with it.

For example:

<input type='text' name='username'>
<input type='password' name='password'>

The value after name= is what gets passed as the variable name. To demonstrate that, the input field:

<input type='text' name='thisIsMyName'>

will show up in the PHP script as:

$_POST['thisIsMyName'];

If you post the HTML of the form that is being submitted, we can give you further details on it.