Programming help! :(

LaughingKor

Banned
Joined
Jan 6, 2013
Messages
12,496
Reaction score
0
Currently working on the login / doLogin page. The username and password I entered are correct, however it just shows the 'else' statement, $msg = "<p>Sorry, you must enter a valid username and password to log in.<a href='login.php'>Back</a></p>";.

Any help will be greatly appreciated :(:(

Code:
<?php
session_start();
$msg = "";

// Only process the login form when nobody is logged in yet.
if (!isset($_SESSION['email'])) {
    if (isset($_POST['email'])) {

        $entered_email = $_POST['email'];
        $entered_password = $_POST['password'];

        include ("dbFunctions.php"); // expected to define the mysqli connection $link

        // The form input is interpolated directly into the SQL string.
        $query = "SELECT * FROM parent WHERE parent_email = '$entered_email' AND parent_password = SHA1('$entered_password')";

        $result = mysqli_query($link, $query) or die(mysqli_error($link));

        // Exactly one matching row means the credentials were accepted.
        if (mysqli_num_rows($result) == 1) {
            $row = mysqli_fetch_array($result);
            $_SESSION['parent_id'] = $row['parent_id'];
            $_SESSION['full_name'] = $row['full_name'];
            $_SESSION['email'] = $row['parent_email'];
            $_SESSION['parent_address'] = $row['parent_address'];
            $_SESSION['role'] = $row['role'];

            $msg = "<p><i>Welcome, " . $_SESSION['email'] . "!</i>";
            $msg .= "<br/><i>Go to <a href='index.php'>Home</a></i></p>";
        } else {
            $msg = "<p>Sorry, you must enter a valid username and password to log in.<a href='login.php'>Back</a></p>";
        }
    }
}

Code:
$_POST['email'] and $_POST['password']

These are taken from the input of the previous page (login).

Code:
    if (mysqli_num_rows($result) == 1) {
            $row = mysqli_fetch_array($result);
            $_SESSION['parent_id'] = $row['parent_id'];
            $_SESSION['full_name'] = $row['full_name'];
            $_SESSION['email'] = $row['parent_email'];
            $_SESSION['parent_address'] = $row['parent_address'];
            $_SESSION['role'] = $row['role'];

These are from the columns of the database.
 

natnai

Supremacy Member
Joined
Nov 6, 2007
Messages
8,020
Reaction score
1

Hard to tell based on this. Have you tried to var_dump your $_SESSION variables? I have a feeling something is wrong with your $_SESSION variables. Might seem stupid but how are you saving $_SESSION state for users? You really need to check that. But first. var_dump will give you clues. You can execute in terminal as well to see what is the problem from the stack trace if any.

On further thought it seems to me that the most likely possibility is there is either something wrong with your session handlers, which are called when you call session_start(), OR you are not passing a session identifier by POST or your cookie when you are calling session_start(). I think there is a good chance that is why your $_SESSION superglobal is NOT being populated correctly, which is causing the if test to fail and return the else block.
 

davidktw

Arch-Supremacy Member
Joined
Apr 15, 2010
Messages
13,391
Reaction score
1,180
You have quite a big assumption which I would like you to go verify.

Add a debugging statement after the statement below

$query = "SELECT * FROM parent WHERE parent_email = '$entered_email' AND parent_password = SHA1('$entered_password')";

error_log($query);

and see what is the actual MySQL statement being executed.

  1. Take a close look at the query and see if that is EXACTLY what you intended.
  2. Copy and paste this statement into the MySQL DB directly and see if it actually returns at least one row of results.

After that then come back and tell us if you have got your username and password correct. Learn how to perform debugging by slicing into your code.

More advice for you
  • The way you are doing this assignment is susceptible to SQL injection. All that is required is to attack your "email" parameter and funny SQL statements can be created. Since you are using MySQLi, you should learn to use parameter binding in SQL. Go read up more about it from http://www.pontikis.net/blog/dynamically-bind_param-array-mysqli
  • Fundamentally there is no need for the password of the user to be transferred over the wire these days. Since client JavaScript is almost a requirement in websites, you can easily perform the password hashing using JavaScript and transfer the hash over for comparison against the hash stored in the database.
  • Since you are trying to pass lock, stock and barrel everything returned by the query to your next page, make your work easier using this technique
    $_SESSION['obj'] = mysqli_fetch_assoc($result);
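
The parameter binding recommended in the post above, applied to the thread's login query. This is an added example, not code from any poster; `find_parent()` is a hypothetical helper, and it assumes `dbFunctions.php` defines the mysqli connection `$link` and that the `parent` table has the columns used in the original post.

```php
<?php
// Added example, not code from the thread. find_parent() is a hypothetical
// helper; $link is assumed to come from dbFunctions.php.
// mysqli_stmt_get_result() needs the mysqlnd driver.

function find_parent(mysqli $link, string $email, string $password): ?array
{
    // The ? placeholders keep user input out of the SQL text, so a quote
    // character in the e-mail field cannot change the statement.
    $sql = "SELECT parent_id, full_name, parent_email, parent_address, role
              FROM parent
             WHERE parent_email = ? AND parent_password = SHA1(?)";

    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        error_log('prepare failed: ' . mysqli_error($link));
        return null;
    }

    mysqli_stmt_bind_param($stmt, 'ss', $email, $password); // two strings
    $row = null;
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false && mysqli_num_rows($result) === 1) {
            $row = mysqli_fetch_assoc($result);
        }
    } else {
        error_log('execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $row;
}

session_start();
$msg = "";
$email = $_POST['email'] ?? null;
$password = $_POST['password'] ?? null;
if (!isset($_SESSION['email']) && is_string($email) && is_string($password)) {
    include "dbFunctions.php";
    $row = find_parent($link, $email, $password);
    if ($row !== null) {
        $_SESSION['parent_id'] = $row['parent_id'];
        $_SESSION['email'] = $row['parent_email'];
        $_SESSION['role'] = $row['role'];
        $msg = "<p><i>Welcome, " . htmlspecialchars($row['parent_email']) . "!</i></p>";
    } else {
        $msg = "<p>Sorry, you must enter a valid username and password to log in. <a href='login.php'>Back</a></p>";
    }
}
```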
 

LaughingKor

Banned
Joined
Jan 6, 2013
Messages
12,496
Reaction score
0
Thanks a lot for your advice guys!!

I think there might be a problem with the

Code:
SELECT * FROM parent WHERE parent_email = '$entered_email' AND parent_password = SHA1('$entered_password')

In the database, I entered just SELECT * FROM parent WHERE parent_email = '$entered_email', while subbing the '$entered_email' with my own database info, and it worked, retrieving that email from the table.

However, when I added AND parent_password = SHA1('$entered_password'), with the $entered_password subbed with my own password, it returns nothing.

What could be the problem with the parent_password?


I tried using another online SHA1 converter and keyed in my password, and the result was twice as long as the SHA values in my database.

E.g. the SHA value stored in my database is '921d561c4521dcf2e0b0', while when I use an online SHA converter and key in my password, it shows this '921d561c4521dcf2e0b0ed0381c8c39573a8b40a'.


EDIT***

Ahh guys... I found out that I made a very stupid mistake.

When creating the database, I made the max length of the password field 20, which resulted in half of the encryption only...

Anyway, really thanks a lot for your help, I really appreciate it :)

Will update this thread if I encounter an error, hope you guys are able to assist me.
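
The failure found in the post above (a 40-character SHA-1 digest stored in a 20-character column) can be told apart from a wrong password by checking whether the stored value is a prefix of the full digest. This is an added example, not code from the thread; `classify_stored_hash()` is a hypothetical helper and the passwords are constructed sample data.

```php
<?php
// Added example, not code from the thread. classify_stored_hash() is a
// hypothetical helper and the passwords below are constructed sample data.

const SHA1_HEX_LEN = 40; // SHA-1 is 160 bits, i.e. 40 hex characters

// Returns 'match', 'truncated' or 'mismatch' for a stored hex digest.
function classify_stored_hash(string $stored, string $password): string
{
    $full = sha1($password);
    $stored = strtolower(trim($stored));

    if (hash_equals($full, $stored)) {
        return 'match';
    }
    // A shorter value that is a prefix of the full digest was cut off on
    // insert, which is what a 20-character column does to SHA1() output.
    $len = strlen($stored);
    if ($len > 0 && $len < SHA1_HEX_LEN && strncmp($full, $stored, $len) === 0) {
        return 'truncated';
    }
    return 'mismatch';
}

$password = 'constructed-sample-password';
$samples = [
    'full digest (40 chars)'   => sha1($password),
    'cut to 20 chars'          => substr(sha1($password), 0, 20),
    'digest of other password' => sha1('another-constructed-password'),
];

foreach ($samples as $label => $stored) {
    printf("%-26s len=%2d -> %s\n", $label, strlen($stored),
        classify_stored_hash($stored, $password));
}

// To confirm the column width in MySQL (table and column names from the thread):
//   SELECT CHARACTER_MAXIMUM_LENGTH FROM information_schema.COLUMNS
//    WHERE TABLE_NAME = 'parent' AND COLUMN_NAME = 'parent_password';
// After widening the column to 40, rows stored while it was 20 wide must be
// re-saved: the missing half of each digest cannot be recovered.
```

With MySQL's strict SQL mode enabled, the oversized insert is rejected with an error instead of being silently truncated, which surfaces this mistake at write time.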
 