TLN_CANADA asked:

Password Field Acting Strangely with PHP MYSQL

Hi guys,

In the code below for the registration page, it adds all of the fields correctly except the password field. For example, if I create a password "!", it stores it in the DB as "1423423435". When I want to go and log in, I have tried both 1 and 1423423435 but both of them are failing. Does anyone have any idea why it saves it like this? In the DB I have the type for the password field set as VARCHAR.

Thanks,

Derek


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<?php
// Connects to your Database
mysql_connect("xxx");
mysql_select_db("bubblesdb") or die(mysql_error());

// This code runs if the form has been submitted
if (isset($_POST['submit'])) {

    // This makes sure they did not leave any fields blank
    if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['email'] | !$_POST['firstname'] | !$_POST['lastname'] ) {
        die('You did not complete all of the required fields');
    }

    // checks if the username is in use
    if (!get_magic_quotes_gpc()) {
        $_POST['username'] = addslashes($_POST['username']);
    }
    $usercheck = $_POST['username'];
    $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
        or die(mysql_error());
    $check2 = mysql_num_rows($check);

    // if the name exists it gives an error
    if ($check2 != 0) {
        die('Sorry, the username '.$_POST['username'].' is already in use.');
    }

    // this makes sure both passwords entered match
    if ($_POST['pass'] != $_POST['pass2']) {
        die('Your passwords did not match. ');
    }

    // here we encrypt the password and add slashes if needed
    $_POST['pass'] = md5($_POST['pass']);
    if (!get_magic_quotes_gpc()) {
        $_POST['pass'] = addslashes($_POST['pass']);
        $_POST['username'] = addslashes($_POST['username']);
    }

    // coding for entering DOB into DB
    $birthdate = $_POST['birth_year'] . '-' . $_POST['birth_month'] . '-' . $_POST['birth_day'];

    // now we insert it into the database
    $insert = "INSERT INTO users (username, password, email, first_name, last_name, birthdate)
               VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['email']."', '".$_POST['firstname']."', '".$_POST['lastname']."', '".$birthdate."')";
    $add_member = mysql_query($insert);
?>
    <br />
    <br />
    Welcome to Clear the Mirror Website<br />
    <br />
    To begin, please register here: <br />
    <br />

    <?php
 }

 else
 {      
 ?>


 
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
 <table width="400" border="0">
 <tr><td>Username:</td><td>
 <input type="text" name="username" maxlength="60">
 </td></tr>
 <tr><td>Password:</td><td>
 <input type="password" name="pass" maxlength="10">
 </td></tr>
 <tr><td>Confirm Password:</td><td>
 <input type="password" name="pass2" maxlength="10">
 </td></tr>
 <tr><td>Email Address:</td><td>
 <input type="text" name="email" maxlength="60">
 </td></tr>
 <tr><td>First Name:</td><td>
 <input type="text" name="firstname" maxlength="60">
 </td></tr>
 <tr><td>Last Name:</td><td>
 <input type="text" name="lastname" maxlength="60">
 </td></tr>
 <tr>
   <td>Date of Birth </td>
   <td><label>Day:
       <select name="birth_day">
         <option value="1">1</option>
         <option value="2">2</option>
         <option value="3">3</option>
       </select>
   Month :
   <select name="birth_month">
     <option value="01">January </option>
     <option value="02">February </option>
   </select>
   Year:
   <select name="birth_year">
     <option value="1991">1991</option>
     <option value="1992">1992</option>
     <option value="1993">1993</option>
   </select>
   </label></td>
 </tr>
 <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr>
 </table>
 </form>


 <?php

 }
 ?>

sivagnanam chandrakanth

Try changing the varchar length or change the type to text and test.

If the length of the value is greater than the field type length, this will happen.

Loganathan Natarajan

Since you're using md5, the password field should support 32 characters, i.e. varchar(32).

This looks like you found a very old script on the internet.  For example, addslashes() is not a technically competent way to filter/escape input for use in a query.  The correct alternatives are documented in the PHP.net web site. Consider using one of these:
http://php.net/manual/en/mysqli.real-escape-string.php
http://php.net/manual/en/pdo.quote.php

This article will likely be helpful:
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Going forward, please consider posting the data you've got -- things like the inputs and the data base CREATE TABLE scripts -- instead of the code.  We have all seen lots of code, both working and non-working, and the code is not nearly as important to the solutions as the data.  If you just show us what you have and what you want to get, the EE community will show you the correct solutions.  Computer programs only do one thing: they transform input data into output data.  So please create some inputs (test data) and show us the desired outputs, and let us help with the code.  As Kettering wrote, "A problem well defined is a problem half solved."
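
The column-length point from the two answers above and the escaping point from this post, combined in one added example (not code from the thread or from the linked article). It goes beyond the thread by also showing PHP's password_hash(); the in-memory SQLite table, the fit_column() helper that imitates non-strict MySQL truncation, and the user names are assumptions made for the demonstration.

```php
<?php
// Added example; table layout and user names are constructed for illustration.
$db = new PDO('sqlite::memory:');   // needs the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Hypothetical helper: SQLite ignores VARCHAR(n), so emulate what non-strict
// MySQL does to an over-long value: keep the first $width characters.
function fit_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

function register(PDO $db, string $user, string $hash, int $width): void
{
    // Bound parameters keep user input out of the SQL text, so neither
    // addslashes() nor manual quoting is involved.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$user, fit_column($hash, $width)]);
}

function stored_hash(PDO $db, string $user): string
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    return (string) $stmt->fetchColumn();
}

function report(string $label, bool $loginWorks, int $storedLength): void
{
    printf("%-30s stored %3d chars, login %s\n", $label, $storedLength,
        $loginWorks ? 'succeeds' : 'fails');
}

// 1. The thread's setup: a 32-character md5() digest in a 10-character column.
register($db, "o'brien10", md5('!'), 10);
$s = stored_hash($db, "o'brien10");
report('md5 in varchar(10)', hash_equals($s, md5('!')), strlen($s));

// 2. Same digest, column sized as suggested in the thread (varchar(32)).
register($db, "o'brien32", md5('!'), 32);
$s = stored_hash($db, "o'brien32");
report('md5 in varchar(32)', hash_equals($s, md5('!')), strlen($s));

// 3. password_hash() output is longer again, so the column needs more room.
register($db, "o'brien255", password_hash('!', PASSWORD_DEFAULT), 255);
$s = stored_hash($db, "o'brien255");
report('password_hash in varchar(255)', password_verify('!', $s), strlen($s));
```

With MySQL in strict SQL mode, the over-long INSERT in the first case is rejected with an error instead of being silently truncated.
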
TLN_CANADA (ASKER)

Thank you Ray for the suggestions, I will post the tables and data outputs in future too.
Since this script that I'm using is outdated, I'm going to suggest to admin that I delete this question and find a new script that I can use going forward.
I've requested that this question be deleted for the following reason:

EE experts have indicated on a couple of questions that the script I'm using is outdated and this is what is causing problems so rather than working on this, best I find a more updated script and start from there.
ASKER CERTIFIED SOLUTION
Ray Paseur

This solution is only available to members.

Sorry Ray, I missed this link. I will try this and let you know how it goes.
Hi Ray,

I've set up the config.php page, and the login.php page as you suggested. When I load the login page it gives this error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/12/10022112/html/login.php:8) in /home/content/12/10022112/html/config.php on line 13

<?php // config.php

// WHEN WE ARE DEBUGGING OUR CODE, WE WANT TO SEE ALL THE ERRORS!
error_reporting(E_ALL);

// REQUIRED FOR PHP 5.1+ - Fill this in later
date_default_timezone_set('America/Chicago');

// THE LIFE OF THE "REMEMBER ME" COOKIE
define('REMEMBER', 60*60*24*7); // ONE WEEK IN SECONDS

// WE WANT TO START THE SESSION ON EVERY PAGE
session_start();

// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "bubblesdb.db.10022112.hostedresource.com"; // PROBABLY THIS IS OK
$db_name = "bubblesdb";        // GET THESE FROM YOUR HOSTING COMPANY
$db_user = "bubblesdb";
$db_word = "xxx";

// OPEN A CONNECTION TO THE DATA BASE SERVER
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-connect.php
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB CONNECTION: ";
    echo "<br/> $errmsg <br/>";
}

// SELECT THE MYSQL DATA BASE
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-select-db.php
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB SELECTION: ";
    echo "<br/> $errmsg <br/>";
    die("NO DATA BASE $db_name");
}

// DEFINE THE ACCESS CONTROL FUNCTION
function access_control($test=FALSE)
{
    // REMEMBER HOW WE GOT HERE
    $_SESSION["entry_uri"] = $_SERVER["REQUEST_URI"];

    // IF THE UID IS SET, WE ARE LOGGED IN
    if (isset($_SESSION["uid"])) return $_SESSION["uid"];

    // IF WE ARE NOT LOGGED IN - RESPOND TO THE TEST REQUEST
    if ($test) return FALSE;

    // IF THIS IS NOT A TEST, REDIRECT TO CALL FOR A LOGIN
    header("Location: login.php");
    exit;
}

// DEFINE THE "REMEMBER ME" COOKIE FUNCTION
function remember_me($uuk)
{
    // CONSTRUCT A "REMEMBER ME" COOKIE WITH THE UNIQUE USER KEY
    $cookie_name    = 'uuk';
    $cookie_value   = $uuk;
    $cookie_expires = time() + date('Z') + REMEMBER;
    $cookie_path    = '/';
    $cookie_domain  = NULL;
    $cookie_secure  = FALSE;
    $cookie_http    = TRUE; // HIDE COOKIE FROM JAVASCRIPT (PHP 5.2+)

    // SEE http://us3.php.net/manual/en/function.setcookie.php
    setcookie
    ( $cookie_name
    , $cookie_value
    , $cookie_expires
    , $cookie_path
    , $cookie_domain
    , $cookie_secure
    , $cookie_http
    )
    ;
}



// DETERMINE IF THE CLIENT IS ALREADY LOGGED IN BECAUSE OF THE SESSION ARRAY
if (!isset($_SESSION["uid"]))
{

    // DETERMINE IF THE CLIENT IS ALREADY LOGGED IN BECAUSE OF "REMEMBER ME" FEATURE
    if (isset($_COOKIE["uuk"]))
    {
        $uuk = mysql_real_escape_string($_COOKIE["uuk"]);
        $sql = "SELECT uid FROM EE_userTable WHERE uuk = '$uuk' LIMIT 1";
        $res = mysql_query($sql);

        // IF THE QUERY SUCCEEDED
        if ($res)
        {
            // THERE SHOULD BE ONE ROW
            $num = mysql_num_rows($res);
            if ($num)
            {
                // RETRIEVE THE ROW FROM THE QUERY RESULTS SET
                $row = mysql_fetch_assoc($res);

                // STORE THE USER-ID IN THE SESSION ARRAY
                $_SESSION["uid"] = $row["uid"];

                // EXTEND THE "REMEMBER ME" COOKIE
                remember_me($uuk);
            }
        }
    }
}

?>


Maybe I'm setting up the database login fields incorrectly?

Thanks,

Derek
I would like to award Ray the points for this answer. ID: 38577148