Reading Encrypted Password From MySQLDB

on 17.02.2010 11:29:09 by David Hutto

Apache/2.2.12 (Ubuntu)
MySQL client version: 5.1.37
PHP extension: mysqli
PHP Version 5.2.10-2ubuntu6.4

I'm doing the tutorial from this site:
http://www.trap17.com/index.php/Php-Simple-Login-Tutorial_t7887.html

This is register.php

<?php
// dbConfig.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
include ("dbConfig.php");


//Input validation and the dbase code
if ( $_GET["op"] == "reg" )
 {
 $bInputFlag = false;
 foreach ( $_POST as $field )
  {
  if ($field == "")
   {
   $bInputFlag = false;
   }
  else
   {
   $bInputFlag = true;
   }
  }
 // If we had problems with the input, exit with error
 if ($bInputFlag == false)
  {
  die( "Problem with your registration info. "
   ."Please go back and try again.");
  }

 // Fields are clear, add user to database
 //  Setup query
 $q = "INSERT INTO `user_info` (`username`,`password`,`email`) "
  ."VALUES('".$_POST["username"]."') "
  ."PASSWORD('".$_POST["password"]."') "
  ."'".$_POST["email"]."')";
 //  Run query
 $r = mysql_query($q);

 // Make sure query inserted user successfully
 if ( !mysql_insert_id() )
  {
  die("Error: User not added to database.");
  }
 else
  {
  // Redirect to thank you page.
  Header("Location: register.php?op=thanks");
  }
 } // end if


//The thank you page
elseif ( $_GET["op"] == "thanks" )
 {
 echo "

Thanks for registering!

";
 }

//The web form for input ability
else
 {
 echo "
\n";
 echo "Username:
\n";
 echo "Password: =\"16\">
\n";
 echo "Email Address:
\n";
 echo "\n";
 echo "
\n";
 }
// EOF
?>



----------------------------------------------------------------

This is login.php

<?php
session_start();
// dBase file
include "dbConfig.php";

if ($_GET["op"] == "login")
 {
 if (!$_POST["username"] || !$_POST["password"])
  {
  die("You need to provide a username and password.");
  }

 // Create query
 $q = "SELECT * FROM `user_info` "
  ."WHERE `username`=VALUES('".$_POST["username"]."') "
  ."AND `password`=PASSWORD('".$_POST["password"]."') "
  ."LIMIT 1";
 // Run query
 $r = mysql_query($q);

 if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION["valid_user"] = $_POST["username"];
  $_SESSION["valid_time"] = time();

  // Redirect to member page
  Header("Location: members.php");
  }
 else
  {
  // Login not successful
  die("Sorry, could not log you in. Wrong login information.");
  }
 }
else
 {
//If all went right the Web form appears and users can log in
 echo "
";
 echo "Username:
";
 echo "Password: 8\">
";
 echo "";
 echo "
";
 }
?>

Problem:

All users registered through registration page, can't login/get error message.

When the password is first written to the db from the registration.php it's assigned a unique number. The problem seems to be in aligning how it's validated by the login.php script.

If I manually enter a new user field with the password written directly into the phpMyAdmin, then the login accepts the manually entered user and password at login.php and transfers to the members page.

All others get the Error: "Sorry, could not log you in. Wrong login information."

Can someone please enlighten me as to why registration.php seems to write to the db and the login.php can read/validate from the manual input field but not know what the key to understanding the password's uniquely generated id assigned by the actual registration.php to the password field?

Thanks,
David
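
Added example, not part of the original post or the tutorial it follows: the same register/login flow for the `user_info` table using bound parameters instead of concatenating `$_POST` values into the SQL string, and `password_hash()`/`password_verify()` instead of MySQL's `PASSWORD()`. It assumes PHP 5.5 or later with PDO; an in-memory SQLite database stands in for MySQL so it runs without a server, and the function names `registerUser` and `loginUser` are hypothetical.

```php
<?php
// Added example (not the tutorial's code). Assumes PHP >= 5.5 with pdo_sqlite.
// An in-memory SQLite database stands in for MySQL so the script runs offline;
// the table and column names follow the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_info (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(32) UNIQUE NOT NULL,
    password VARCHAR(255) NOT NULL,  -- wide enough for any password_hash() output
    email VARCHAR(255) NOT NULL)');

function registerUser(PDO $db, $username, $password, $email)
{
    if ($username === '' || $password === '' || $email === '') {
        return false;                       // every field is required
    }
    // Hash in PHP with a per-user salt; the database only stores the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        'INSERT INTO user_info (username, password, email) VALUES (?, ?, ?)');
    try {
        return $stmt->execute(array($username, $hash, $email));
    } catch (PDOException $e) {
        return false;                       // e.g. duplicate username
    }
}

function loginUser(PDO $db, $username, $password)
{
    // Look the row up by username only; the hash is compared in PHP.
    $stmt = $db->prepare(
        'SELECT id, password FROM user_info WHERE username = ? LIMIT 1');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    return (int) $row['id'];                // caller stores this in $_SESSION
}

// Constructed sample data; the quote in the username is bound as plain data.
var_dump(registerUser($db, "o'neil", 'correct horse', 'oneil@example.test'));
var_dump(loginUser($db, "o'neil", 'correct horse'));
var_dump(loginUser($db, "o'neil", 'wrong password'));
var_dump(registerUser($db, "o'neil", 'another', 'dup@example.test'));
```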