PHP & MySQL Authentication issues

[bhughesiii]

Hey all,
I am writing a program that requires registration and authentication. I cannot for the life of me get it all to work. I had the registration working where the user fills in the information and then a function is called that encrypts the password and then stores it all in the database. For some reason this has stopped working. The main issue I was having is when they login with username and password. I encrypt the password, then check it against the database, but it does not want to work. I did some testing to make sure the encrpytion function was encrypting the same password the same way all the time. But it does not work when checking it.. I will post my code, maybe someone can give me a heads up..

include.php

<?php
session_start();
// This script holds all the functions and other trinkets used in the refill program!!!!


@$db = mysql_connect("dee", "dee", "dee") or die('Cannot Connect To DB!!');
@mysql_select_db('users') or die('Cannot Connect To DB!!');


function validatePasswd($passwd, $passwd1){
        if ($passwd == $passwd1){
          return true;
        }
          return false;
}

function validateEmail($email){
        $query = "select * from users where email = '$email'";
        $result = mysql_query($query);
        if($row = mysql_fetch_array($result)){
          return true;
        }
         return false;
}

function cryptpass($passwd){
  return crypt($passwd,'satn');
 }

function registerUser($fname, $lname, $street, $city, $state, $zip, $email, $passwd, $passwd1){
   if(validateEmail($email)){
   $message="This Email Address Already Registered.
";
   }
   if(validatePasswd($passwd, $passwd1) == true){
   $passwd = cryptpass($passwd);
   $query = "insert into users(email,fname,lname,street,city,state,zip,password) values('$email','$fname','$lname','$street','$city','$state','$zip','$passwd')";
   $result = mysql_query($query);
   header('Location: index.php');
   }else{
   $message="Passwords do not match";
  }
}

function logonUser($email, $passwd){
   session_register("logged");//Create session logged.
   $passwd = cryptpass($passwd);//Encrypt password
   $query = "select * from users where email = '$email' and password = '$passwd";
   $result = mysql_query($query);
    if($row = mysql_fetch_array($result)){
     $query = "insert into test(email, passwd) values('$email', '$passwd')";
     $result = mysql_query($query);
     $_SESSION['logged'] == true;
     header ('Location: refill.php');
    }else{
  $message = "Logon Failed";
  }
}
?>

index.php

<?php
session_start();

require 'include.php';

if($_POST['Logon']){
  $_SESSION['email'] = $_POST["email"];
  $_SESSION['passwd'] = $_POST["passwd"];

logonUser($email, $passwd);
}
?>

<html>
<head>
  <title>Fagen Pharmacy: User Logon</title>
</head>
<p align = center><img src = "images/fagen_to_jpeg.gif">
<p align = center><font color = red size = 6>User Logon:</font>
<body>
<?php echo $message; ?>
<form action = index.php method = post>
<table align = center border = 1>
  <tr>
   <td width = 100>Email Address:</td>
   <td><input name = "email" type = text size = 50></td>
  </tr>
  <tr>
   <td width = 100>Password:</td>
   <td><input name = "passwd" type = password size = 50></td>
  </tr>
</table>
        <p align = center><input name = "Logon" type = submit value = "Logon">
</form>
<p align = center><font size = 2>
Enter your email address and password to log into the system. Or, <a href = "register.php">click here</a> to register.
 Thank you.
</body>
</html>

register.php

<?php
session_start();

require 'include.php';
if($_POST['Register']){
registerUser($fname, $lname, $street, $city, $state, $zip, $email, $passwd, $passwd1);
}
?>

<html>
<head>
  <title>Fagen Pharmacy: User Registration</title>
</head>
<p align = center><img src = "images/fagen_to_jpeg.gif">
<p align = "center"><font color = "red" size = "6">User Registration</font>



<body>
<php echo $message; ?>
<form action = "register.php" method = "post">
<table align = center border = 1>
  <tr>
   <td width = 150>First Name:</td>
   <td><input name = "fname" type = "text" size = 50></td>
  </tr>
  <tr>
   <td width = 150>Last Name:</td>
   <td><input name = "lname" type = "text" size = 50></td>
  </tr>
  <tr>
   <td width = 150>Address:</td>
   <td><input name = "street" type = "text" size = 50></td>
  </tr>
  <tr>
   <td width = 150>City:</td>
   <td><input name = "city" type = "text" size = 50></td>
  </tr>
  <tr>
   <td width = 150>State:<font size = "1">(Abbreviation)</font></td>
   <td><input name = "state" type = "text" size = 50></td>
  </tr>
  <tr>
   <td width = 150>Zip:<font size = "1">(5 or 9 digit)</font></td>
   <td><input name = "zip" type = "text" size = 50></td>
  </tr>
  <tr>
   <td width = 150>Email Address:</td>
   <td><input name = "email" type = "text" size = 50></td>
  </tr>
  <tr>
   <td width = 150>Password:</td>
   <td><input name = "passwd" type = "password" size = 50></td>
  </tr>
  <tr>
   <td width = 150>Confirm Password:</td>
   <td><input name = "passwd1" type = "password" size = 50></td>
  </tr>
  <tr>
   <td></td>
   <td><input name = "Register" type = "submit" value = "Register">&nbsp<input type = "reset" value = "Reset Fields"></td>
  </tr>
</table>
</form>
<p align = center><font size = "2">Please Note: Your email address will be your username

 Please type your password twice before clicking the <font color = red>"register"</font> button. Thank you</font>
</body>
</html>

 

[Vormund]

Hmm, this line perhaps, from the logonUser() function?

$query = "select * from users where email = '$email' and password = '$passwd";

...which is missing the single quote following $passwd.

 

[bhughesiii]

Oops, I had that in there before, must have forgot to put it back in when I was messing around with different encryption options. Other than that, can you see any reason why it wouldn't work?

 

[Vormund]

Hmm, just to clarify, what isn't working?

Is it...a user logs in, then when the user's password is encrypted and compared with the database - it does not match?

 

[bhughesiii]

Correct, they input their username which is their email address, and their password. They click login and that calls the logonUser() function. The function encrypts the password then is supposed to check against the database. However it is not. It dies right there.

 

[Vormund]

The mysql query dies? In that case, you could use the or die() on the query:

$result = mysql_query($query) or die(mysql_error());

Which would provide the reason...likely syntax somewhere. If that's not it, what is dieing? (Sorry if I'm missing the idea!)

 

[bhughesiii]

If I don't have it check the password, it goes through just fine. It is when the password is part of the select statement is when it doesn't work.

 

[Vormund]

function logonUser($email, $passwd){
	session_register("logged");//Create session logged.
	$passwd = cryptpass($passwd);//Encrypt password
	echo $passwd.":";
	$query = "select * from users where email = '$email'";
	
	$check = mysql_fetch_array($query);
	echo $check['passwd'];
	
	$result = mysql_query($query);
	if($row = mysql_fetch_array($result)) {
		$query = "insert into test(email, passwd) values('$email', '$passwd')";
		$result = mysql_query($query);
		$_SESSION['logged'] == true;
		header ('Location: refill.php');
	} else {
		$message = "Logon Failed";
	}
}

Using that function, (password in the query was removed), does it output the same password? ...everything looks ok...

 

[bhughesiii]

No, the stored password is a few characters short, probably because I only have the SQL field set to a length of 10, and I probably need at least 13... I will try bumping that up and see what happens...

 

[bhughesiii]

Dude this totally rocks!! That is what it was, I made my field accept 15 characters and it is totally working now.

Thanks a mill!! I am still a beginner when it comes to programming so I don't remember all the different ways to check things...