views:

75

answers:

3

Hey guys, I've been bashing my head around for hours now, over this login script. It's the one I always used, and I know it works on my version of MySQL. It just won't send me through to the correct authorized page, it will always redirect to the "login_failed.php" file.

Any help is much appreciated.

<?php
ob_start();
$host="localhost";
$username="*****"; 
$password="*****";
$db_name="*****"; 
$tbl_name="*****";

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

$myusername=$_POST['user']; 
$mypassword=$_POST['pass'];

$encrypted_password=md5($mypassword);

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and passwd='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("myusername");
session_register("mypassword"); 
header("location:main.php");
}
else {
header("location:login_failed.php");
}

ob_end_flush();
?>
+2  A: 

there might be two such users in the db... also, check if the values you use in the query are correct. do you use any non-latin/special characters in username/password?

kgb
+1  A: 

What I see that is not quite right about the code:

  1. Most likely you won't need stripslashes() since magic quotes has been deprecated.

  2. You don't need to escape a hashed password. The result of an md5() call can absolutely be trusted to be 32 hexadecimal characters.

  3. Do NOT use SELECT * ... when you don't need all the fields.

  4. You should probably trim() the input ($_POST['user'] and $_POST['pass']) to get rid of extra whitespaces that might've been accidentally inserted.

  5. As ircmaxell pointed out, you are not using the hashed password on the query. I hope that was just a mistake in constructing the query.

  6. You should salt your passwords. Read this article: Just hashing is far from enough.

Now... Have you tried echoing the query and running it yourself to see what's actually going on? eg:

Remove the redirects and put an echo $sql before you call mysql_query()

quantumSoup
Many thanks to all of you for bringing to light my many mistakes and shortcomings. Haven't spent much time with PHP, so I'm not 100% versed in the safest way to do this or the best way to do that. That is why I come to this place, because rather than just giving an answer, or point a problem, you (pretty much) all elaborate, which is great for learning.
TuxMeister
A: 

I could be wrong here, but with just quickly looking at your code you are encrypting the password, but then not using that in the query. try...

//instead of ...
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and passwd='$mypassword'";

//try...        
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and passwd='$encrypted_password'";
Jason