Password and confirmation passw not equal after submit

**hsriat** · Feb 13 '08, 10:05 AM

Originally posted by yasmine

Hi friends,
I'm writing a login.php script.
I stored the password in mysql db as encrypted format using md5.
(It's in registration.ph p and it works well).
There is a no problem in registering new users.

When the login form exists, the password and confirm password didn't match always. It shows only "Password didn't match, plz try again".

Can anyone help me.....??? The code which wrongly works is as follows:

while($info = mysql_fetch_arr ay( $check ))
{
$_POST['pass'] = stripslashes($_ POST['pass']);
$info['password'] = stripslashes($i nfo['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['username'] = stripslashes($_ POST['username']);
$hour = time() + 3600;
setcookie(ID_my _site, $_POST['username'], $hour);
setcookie(Key_m y_site, $_POST['pass'], $hour);
//header("Locatio n: members.php");//temporarily disable this.
}
}

Plz... Tell me the correct code soon...

I couldn't find any reason for the error...
You can though do one thing...
Just before comparing the passwords, echo both the passwords and see whats the reason.
[PHP]while($info = mysql_fetch_arr ay( $check ))
{
$_POST['pass'] = stripslashes($_ POST['pass']);
$info['password'] = stripslashes($i nfo['password']);

//add this temporarily
echo "DB password=".$inf o['password']."<br>Submit ted password=".$_PO ST['pass']."<br>md5 of submitted=";

$_POST['pass'] = md5($_POST['pass']);

//this too
echo $_POST['pass'];

if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['username'] = stripslashes($_ POST['username']);
$hour = time() + 3600;
setcookie(ID_my _site, $_POST['username'], $hour);
setcookie(Key_m y_site, $_POST['pass'], $hour);
header("Locatio n: members.php");
}
}[/PHP]

Also I don't think its a good idea to save password in db in md5. Use md5 just to save password in cookie. And take md5 of password in db each time you compare it with the cookie's password.

Do ask some senior person too, I'm not sure if its a better way. Do tell me also if its not the right way.

**Markus** · Feb 13 '08, 10:40 AM

Actually, it is best practise to save the md5()'d password into the database, as this if someone were to crack the database, they wouldn't be able to use the passwords. :)

Not even you, the webmaster, should be able to see what the passwords are.

**ronverdonk** · Feb 13 '08, 10:45 AM

Apart from the correct use of MD5 values and $_POST arrays to store temp values:

Are you sure that $info['password'] is already MD5-ed?
Because you compare an MD5 result value in $_POST['pass'] with it.

Ronald

**yasmine** · Feb 14 '08, 04:04 AM

Login

Hi friends,
I'm writing a login.php script.
I stored the password in mysql db as encrypted format using md5.
(It's in registration.ph p and it works well).
There is a no problem in registering new users.
When the login form exists, the password and confirm password didn't match always. It shows only "Password didn't match, plz try again".
The whole code for login.php which I wrote is as follows:

Code:

<?php
 mysql_connect("localhost", "root", "") or die(mysql_error());
 mysql_select_db("mydb") or die(mysql_error());
 if(isset($_COOKIE['ID_my_site']))
 {
  $username = $_COOKIE['ID_my_site'];
  $pass = $_COOKIE['Key_my_site'];
  $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
  while($info = mysql_fetch_array( $check ))
  {
   if ($pass != $info['password'])
   {
   }
   else
   {
    header("Location: members.php");
   }
  }
 }
 if (isset($_POST['submit']))
 {
  if(!$_POST['username'] | !$_POST['pass'])
  {
   die('You did not fill in a required field.');
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
  $check2 = mysql_num_rows($check);
  if ($check2 == 0)
  {
   die('That user does not exist in our database.
   <a href=register.php>Click Here to Register</a>');
  }
  while($info = mysql_fetch_array( $check ))
  {
   $_POST['pass'] = stripslashes($_POST['pass']);
   $info['password'] = stripslashes($info['password']);
   $_POST['pass'] = md5($_POST['pass']);
   if ($_POST['pass'] != $info['password'])
   {
    die('Incorrect password, please try again.');
   }
   else
   {
    $_POST['username'] = stripslashes($_POST['username']);
    $hour = time() + 3600;
    setcookie(ID_my_site, $_POST['username'], $hour);
    setcookie(Key_my_site, $_POST['pass'], $hour);
    header("Location: members.php");
   }
  }
 }
 else
 {
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr>
   <td colspan=2>
      <h1>Login</h1>
   </td>
</tr>
<tr>
   <td>Username:</td>
   <td>
      <input type="text" name="username" maxlength="40">
   </td>
</tr>
<tr><td>Password:</td>
  <td>
    <input type="password" name="pass" maxlength="50">
  </td>
</tr>
<tr>
  <td colspan="2" align="right">
  <input type="submit" name="submit" value="Login">
  </td>
</tr>
</table>
</form>
<?php
}

?>

Cany any one tell me what is the wrong with this code...???

**dlite922** · Feb 14 '08, 05:35 AM

You read this: http://www.thescripts.com/forum/faq....ask_a_question

while i read your code:

[PHP]
<?php
mysql_connect(" localhost", "root", "") or die(mysql_error ());
mysql_select_db ("mydb") or die(mysql_error ());
if(isset($_COOK IE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SE LECT * FROM users WHERE username = '$username'")or die(mysql_error ());
while($info = mysql_fetch_arr ay( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Locatio n: members.php");
}
}
}
if (isset($_POST['submit']))
{
if(!$_POST['username'] | !$_POST['pass'])
{
die('You did not fill in a required field.');
}
$check = mysql_query("SE LECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error ());
$check2 = mysql_num_rows( $check);
if ($check2 == 0)
{
die('That user does not exist in our database.
<a href=register.p hp>Click Here to Register</a>');
}
while($info = mysql_fetch_arr ay( $check ))
{
$_POST['pass'] = stripslashes($_ POST['pass']);
$info['password'] = stripslashes($i nfo['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['username'] = stripslashes($_ POST['username']);
$hour = time() + 3600;
setcookie(ID_my _site, $_POST['username'], $hour);
setcookie(Key_m y_site, $_POST['pass'], $hour);
header("Locatio n: members.php");
}
}
}
else
{
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr>
<td colspan=2>
<h1>Login</h1>
</td>
</tr>
<tr>
<td>Username: </td>
<td>
<input type="text" name="username" maxlength="40">
</td>
</tr>
<tr><td>Passwor d:</td>
<td>
<input type="password" name="pass" maxlength="50">
</td>
</tr>
<tr>
<td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
<?php
}

?>

[/PHP]

**yasmine** · Feb 14 '08, 08:48 AM

Thank U very much.
As i'm new to this site, i didn't know the rules n regulations...
I never do this again.
Thanks again...

**ronverdonk** · Feb 14 '08, 11:02 AM

Then I suggest you read the Posting Guidelines before you continue!. You have already 16 posts so you are not that new!

Btw this is a double thread from <removed n/a link>

Read the posting guidelines and stop wasting anybody's time with it.

Ronald

**RedSon** · Feb 14 '08, 04:35 PM

Merged.

Please follow the rules or your account may get banned.

Thanks

-Moderator

**yasmine** · Feb 15 '08, 03:41 AM

Originally posted by ronverdonk

Then I suggest you read the Posting Guidelines before you continue!. You have already 16 posts so you are not that new!

Btw this is a double thread from <removed n/a link>

Read the posting guidelines and stop wasting anybody's time with it.

Ronald

Thanx.....
I read it and I'm following......
Can u tell me what is meant by PM questions???

**Markus** · Feb 15 '08, 11:59 AM

Originally posted by yasmine

Thanx.....
I read it and I'm following......
Can u tell me what is meant by PM questions???

Private Messages.
Click on the users profile link, and follow the link to provate messaging,

Password and confirmation passw not equal after submit

Password and confirmation passw not equal after submit

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment