By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,664 Members | 1,669 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,664 IT Pros & Developers. It's quick & easy.

Password and confirmation passw not equal after submit

P: 65
Hi friends,
I'm writing a login.php script.
I stored the password in mysql db as encrypted format using md5.
(It's in registration.php and it works well).
There is a no problem in registering new users.

When the login form exists, the password and confirm password didn't match always. It shows only "Password didn't match, plz try again".

Can anyone help me.....??? The code which wrongly works is as follows:

while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
header("Location: members.php");
}
}

Plz... Tell me the correct code soon...
Feb 13 '08 #1
Share this Question
Share on Google+
10 Replies


hsriat
Expert 100+
P: 1,654
Hi friends,
I'm writing a login.php script.
I stored the password in mysql db as encrypted format using md5.
(It's in registration.php and it works well).
There is a no problem in registering new users.

When the login form exists, the password and confirm password didn't match always. It shows only "Password didn't match, plz try again".

Can anyone help me.....??? The code which wrongly works is as follows:

while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//header("Location: members.php");//temporarily disable this.
}
}

Plz... Tell me the correct code soon...
I couldn't find any reason for the error...
You can though do one thing...
Just before comparing the passwords, echo both the passwords and see whats the reason.
[PHP]while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);

//add this temporarily
echo "DB password=".$info['password']."<br>Submitted password=".$_POST['pass']."<br>md5 of submitted=";


$_POST['pass'] = md5($_POST['pass']);

//this too
echo $_POST['pass'];

if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
header("Location: members.php");
}
}[/PHP]

Also I don't think its a good idea to save password in db in md5. Use md5 just to save password in cookie. And take md5 of password in db each time you compare it with the cookie's password.

Do ask some senior person too, I'm not sure if its a better way. Do tell me also if its not the right way.
Feb 13 '08 #2

Markus
Expert 5K+
P: 6,050
Actually, it is best practise to save the md5()'d password into the database, as this if someone were to crack the database, they wouldn't be able to use the passwords. :)

Not even you, the webmaster, should be able to see what the passwords are.
Feb 13 '08 #3

ronverdonk
Expert 2.5K+
P: 4,258
Apart from the correct use of MD5 values and $_POST arrays to store temp values:

Are you sure that $info['password'] is already MD5-ed?
Because you compare an MD5 result value in $_POST['pass'] with it.

Ronald
Feb 13 '08 #4

P: 65
Hi friends,
I'm writing a login.php script.
I stored the password in mysql db as encrypted format using md5.
(It's in registration.php and it works well).
There is a no problem in registering new users.
When the login form exists, the password and confirm password didn't match always. It shows only "Password didn't match, plz try again".
The whole code for login.php which I wrote is as follows:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2.  mysql_connect("localhost", "root", "") or die(mysql_error());
  3.  mysql_select_db("mydb") or die(mysql_error());
  4.  if(isset($_COOKIE['ID_my_site']))
  5.  {
  6.   $username = $_COOKIE['ID_my_site'];
  7.   $pass = $_COOKIE['Key_my_site'];
  8.   $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
  9.   while($info = mysql_fetch_array( $check ))
  10.   {
  11.    if ($pass != $info['password'])
  12.    {
  13.    }
  14.    else
  15.    {
  16.     header("Location: members.php");
  17.    }
  18.   }
  19.  }
  20.  if (isset($_POST['submit']))
  21.  {
  22.   if(!$_POST['username'] | !$_POST['pass'])
  23.   {
  24.    die('You did not fill in a required field.');
  25.   }
  26.   $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
  27.   $check2 = mysql_num_rows($check);
  28.   if ($check2 == 0)
  29.   {
  30.    die('That user does not exist in our database.
  31.    <a href=register.php>Click Here to Register</a>');
  32.   }
  33.   while($info = mysql_fetch_array( $check ))
  34.   {
  35.    $_POST['pass'] = stripslashes($_POST['pass']);
  36.    $info['password'] = stripslashes($info['password']);
  37.    $_POST['pass'] = md5($_POST['pass']);
  38.    if ($_POST['pass'] != $info['password'])
  39.    {
  40.     die('Incorrect password, please try again.');
  41.    }
  42.    else
  43.    {
  44.     $_POST['username'] = stripslashes($_POST['username']);
  45.     $hour = time() + 3600;
  46.     setcookie(ID_my_site, $_POST['username'], $hour);
  47.     setcookie(Key_my_site, $_POST['pass'], $hour);
  48.     header("Location: members.php");
  49.    }
  50.   }
  51.  }
  52.  else
  53.  {
  54. ?>
  55.  
  56. <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
  57. <table border="0">
  58. <tr>
  59.    <td colspan=2>
  60.       <h1>Login</h1>
  61.    </td>
  62. </tr>
  63. <tr>
  64.    <td>Username:</td>
  65.    <td>
  66.       <input type="text" name="username" maxlength="40">
  67.    </td>
  68. </tr>
  69. <tr><td>Password:</td>
  70.   <td>
  71.     <input type="password" name="pass" maxlength="50">
  72.   </td>
  73. </tr>
  74. <tr>
  75.   <td colspan="2" align="right">
  76.   <input type="submit" name="submit" value="Login">
  77.   </td>
  78. </tr>
  79. </table>
  80. </form>
  81. <?php
  82. }
  83.  
  84. ?>
Cany any one tell me what is the wrong with this code...???
Feb 14 '08 #5

dlite922
Expert 100+
P: 1,584
You read this: http://www.thescripts.com/forum/faq....ask_a_question

while i read your code:


[PHP]
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("mydb") or die(mysql_error());
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
if (isset($_POST['submit']))
{
if(!$_POST['username'] | !$_POST['pass'])
{
die('You did not fill in a required field.');
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0)
{
die('That user does not exist in our database.
<a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
header("Location: members.php");
}
}
}
else
{
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr>
<td colspan=2>
<h1>Login</h1>
</td>
</tr>
<tr>
<td>Username:</td>
<td>
<input type="text" name="username" maxlength="40">
</td>
</tr>
<tr><td>Password:</td>
<td>
<input type="password" name="pass" maxlength="50">
</td>
</tr>
<tr>
<td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
<?php
}

?>

[/PHP]
Feb 14 '08 #6

P: 65
Thank U very much.
As i'm new to this site, i didn't know the rules n regulations...
I never do this again.
Thanks again...
Feb 14 '08 #7

ronverdonk
Expert 2.5K+
P: 4,258
Then I suggest you read the Posting Guidelines before you continue!. You have already 16 posts so you are not that new!

Btw this is a double thread from <removed n/a link>

Read the posting guidelines and stop wasting anybody's time with it.

Ronald
Feb 14 '08 #8

RedSon
Expert 5K+
P: 5,000
Merged.

Please follow the rules or your account may get banned.

Thanks

-Moderator
Feb 14 '08 #9

P: 65
Then I suggest you read the Posting Guidelines before you continue!. You have already 16 posts so you are not that new!

Btw this is a double thread from <removed n/a link>

Read the posting guidelines and stop wasting anybody's time with it.

Ronald

Thanx.....
I read it and I'm following......
Can u tell me what is meant by PM questions???
Feb 15 '08 #10

Markus
Expert 5K+
P: 6,050
Thanx.....
I read it and I'm following......
Can u tell me what is meant by PM questions???
Private Messages.
Click on the users profile link, and follow the link to provate messaging,
Feb 15 '08 #11

Post your reply

Sign in to post your reply or Sign up for a free account.