Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 2 FirstFirst 12
Results 16 to 24 of 24
  1. #16
    New Coder
    Join Date
    May 2010
    Posts
    79
    Thanks
    8
    Thanked 0 Times in 0 Posts
    OK; this is rather strange. The new code works perfectly. For one user. New users I create are still unable to use this login box; the problem is the same as before.

    Andrew

  2. #17
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    How are you comparing the username and passwords? The original code used just a single username and a single password.

  3. #18
    New Coder
    Join Date
    May 2010
    Posts
    79
    Thanks
    8
    Thanked 0 Times in 0 Posts
    I'm checking using this code:

    PHP Code:
    $query "SELECT user_id, username FROM mismatch_user WHERE username = '$user_username' AND password = SHA('$user_password')"
    For some reason, though, I don't think those variables are being cleared from their original values (Which would have been the user jimi and the password heyjoe)

    Would clearing the variables at the end of the script fix this problem?

    Andrew

  4. #19
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    No, variables are discarded at the end of the script run unless its a session variable.
    Post the entire block you are using for this now. It is also possible that you are running on a cached page, which can be gotten around by simply adding a unique querystring: t=as3939 for example. Anytime the querystring changes, the page is no longer cached.

  5. #20
    New Coder
    Join Date
    May 2010
    Posts
    79
    Thanks
    8
    Thanked 0 Times in 0 Posts
    This is what my login.php file currently looks like:

    PHP Code:
    <?php
      
    require_once('connectvars.php');

    if (isset(
    $_SERVER['HTTP_AUTHORIZATION']))
    {
        list(
    $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':'base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
    }  

      if (!isset(
    $_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        
    // The username/password weren't entered so send the authentication headers
        
    header('HTTP/1.1 401 Unauthorized');
        
    header('WWW-Authenticate: Basic realm="Mismatch"');
        exit(
    '<h3>Mismatch</h3>Sorry, you must enter your username and password to log in and access this page. If you ' .
          
    'aren\'t a registered member, please <a href="signup.php">sign up</a>.');
      }

      
    // Connect to the database
      
    $dbc mysqli_connect(DB_HOSTDB_USERDB_PASSWORDDB_NAME);

      
    // Grab the user-entered log-in data
      
    $user_username mysqli_real_escape_string($dbctrim($_SERVER['PHP_AUTH_USER']));
      
    $user_password mysqli_real_escape_string($dbctrim($_SERVER['PHP_AUTH_PW']));

      
    // Look up the username and password in the database
      
    $query "SELECT user_id, username FROM mismatch_user WHERE username = '$user_username' AND password = SHA('$user_password')";
      
    $data mysqli_query($dbc$query);

      if (
    mysqli_num_rows($data) == 1) {
        
    // The log-in is OK so set the user ID and username variables
        
    $row mysqli_fetch_array($data);
        
    $user_id $row['user_id'];
        
    $username $row['username'];
      }
      else {
        
    // The username/password are incorrect so send the authentication headers
        
    header('HTTP/1.1 401 Unauthorized');
        
    header('WWW-Authenticate: Basic realm="Mismatch"');
        exit(
    '<h2>Mismatch</h2>Sorry, you must enter a valid username and password to log in and access this page. If you ' .
          
    'aren\'t a registered member, please <a href="signup.php">sign up</a>.');
      }

      
    // Confirm the successful log-in
      
    echo('<p class="login">You are logged in as ' $username '.</p>');
    ?>

  6. #21
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Comment out this else:
    PHP Code:
      else {
        
    // The username/password are incorrect so send the authentication headers
        
    header('HTTP/1.1 401 Unauthorized');
        
    header('WWW-Authenticate: Basic realm="Mismatch"');
        exit(
    '<h2>Mismatch</h2>Sorry, you must enter a valid username and password to log in and access this page. If you ' .
          
    'aren\'t a registered member, please <a href="signup.php">sign up</a>.');
      } 
    And print out the results of $query after its been declared. Copy that out and run it manually against the database using a tool or just a command line interface. Does that produce results?
    You can also try simply selecting on the where for the username, and visually comparing the passwords. More often than not I find that the password causing the issues when it comes to authentication than anything else, but it all depends on what you have done to generate the password in the first place.

  7. #22
    New Coder
    Join Date
    May 2010
    Posts
    79
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Hm. I'm not getting any results from running this manually in PHPmyAdmin. So is is the SHA encryption that's fouling things up?

    AA

  8. #23
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Quote Originally Posted by authorandrew View Post
    Hm. I'm not getting any results from running this manually in PHPmyAdmin. So is is the SHA encryption that's fouling things up?

    AA
    It could be, how did you create the users for this?
    Try pulling with just the username and comparing the results (you can do that in PHPMyAdmin). Query for the password as well, and see if it matches a SHA call of the same (using a SELECT username, password, SHA('yourinputpassword') FROM yourtable WHERE username='providedusername').

  9. #24
    New Coder
    Join Date
    Jul 2011
    Posts
    13
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    That would be modified in the httpd.conf, but now that I think of it that should only apply if you're using an htpasswd file which defeats the purpose of using PHP at all.

    wait, are you on an IIS or Apache server? Run this and post the results, use whatever you want for the username and password, preferably something that doesn't authenticate:
    PHP Code:
    <?php
    session_start
    ();
    if (!isset(
    $_SESSION['hastried']))
    {
        
    $_SESSION['hastried'] = true;
        
    header('HTTP/1.0 401 Unauthorized');
        
    header('WWW-Authenticate: Basic realm="Log In"');
        die(
    'Log in required.');
    }

    printf('<pre>%s</pre>'print_r($_SERVERtrue));
    ?>
    That looks like it should work. Try that.
    hi, I have the same problem, and I try this code, the result is 'Log in required', then I add a .htaccess file, but it does not work. now what I should do? thank you very much


 
Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •