BetterPHP

Issue:

I tested a few different password and username combinations to ensure the login system only allowed the correct combination to work, and I found that no matter combination i use, it logs me in even if that information is not in the DB! Here is my code for the users.inc.php and login.php:

[syntax=php]<?php

// checks if the given username exists in the table
function user_exists($user){

$user = mysql_real_escape_string($user);

$total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}'");

return (mysql_result($total, 0) == '1') ? true : false;
}

// checks if the given username and password combo is valid
function valid_credentials($user, $pass){

$user = mysql_real_escape_string($user);

$pass = sha1($pass);

$total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true : false;

}

// adds a user to the database
function add_user($user, $pass){

$user = mysql_real_escape_string(htmlentities($user));

$pass = sha1($pass);

mysql_query("INSERT INTO `blogusers` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}') ");

}

?>[/syntax]

[syntax=php]<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty';
}

if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty';
}

if (valid_credentials($_POST['username'], $_POST['password'] === false)){
$errors[] = 'Username / Password is Incorrect';
}
if (empty($errors)){
// log in
$_SESSION['username'] = htmlentities($_POST['username']);

header('Location: index.php');
die();
}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Blog Login</title>
</head>

<body>

<form action="" method="post">
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>/><BR /><BR />
<label for="password">Password:</label>
<input type="password" name="password" id="password"/><BR /><BR />
<input type="submit" value="login"/>
</form>

<div>

<?php

if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo"<li>{$error}</li>";
}
?>
</ul>
<?php
}else{

echo '';
}

?>
</div>
<p><a href="../index.php">Back to the blog</a></p>
</body>
</html>
[/syntax]

this could be it.
You're checking to see if $_POST['password'] is false as an argument for valid_credentials.

This
[syntax=php]if (valid_credentials($_POST['username'], $_POST['password'] === false)){
$errors[] = 'Username / Password is Incorrect';
}[/syntax]

Should be this:
[syntax=php]if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username / Password is Incorrect';
}[/syntax]

Temor, thanks for the fast response, but those look exactly the same? Your two answers this and should be this..

My mistake!! Sorry these poor eyes haha. Thanks it worked perfectly!!

kgdd wrote:My mistake!! Sorry these poor eyes haha. Thanks it worked perfectly!!

Easy to miss one parentheses

Always happy to help!

You want to tackle another problem? Making a function and webpage for deleting users from the table?

Here's my users.php page:

[syntax=php]<?php
include('core/init.inc.php');

$query="SELECT * FROM blogusers";
$result=mysql_query($query);

$num=mysql_numrows($result);

if (isset($_GET['action'])){
if ($_GET['action'] == 'delete'){
delete_user($_GET['userid']);
}
}

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Magicfish Manage Users</title>
</head>

<body>
<a href="index.php">Admin Home</a>

<div>
<table border="0" cellspacing="2" cellpadding="2">
<tr>
<th>Username</th>
<th>Profile</th>
<th>Actions</th>
</tr>

<?php
$i=0;
while ($i < $num) {

$username=mysql_result($result,$i,"user_name");
$password=mysql_result($result,$i,"user_password");
?>

<tr>
<td><?php echo $username; ?></td>
<td>Profile</td>
<td><a href="?action=delete&userid=<?php echo $username; ?>">Delete User</a></td>
</tr>

<?php
$i++;
}
?>

</div>

</body>
</html>
[/syntax]

And here is the function:

[syntax=php]// delete a user
function delete_user($userid){
$username = $userid;

mysql_query("DELETE FROM `blogusers` WHERE `user_name` = {$username}");
}[/syntax]

Any thoughts why it isn't working?

are you getting any errors? What exactly isn't working? Is it not removing the user?

/Edit

[syntax=sql]DELETE FROM `blogusers` WHERE `user_name` = {$username}[/syntax]

{$username} should have semi-quotes around it ( ' ).

Like this:
[syntax=sql]DELETE FROM `blogusers` WHERE `user_name` = '{$username}'[/syntax]
I doubt that's what's causing your problem though.

it "worked". I put that in quotes because I had to click the Delete User link twice before it actually deleted the user.. any thoughts..? Weird I know.

kgdd wrote:it "worked". I put that in quotes because I had to click the Delete User link twice before it actually deleted the user.. any thoughts..? Weird I know.

That is most likely caused due to you outputting the name of the user before you actually run the logic to delete it from the database... It shows up, but it's been deleted.

You could try to run the logic for deletion before the output of the username and see if it helps.

I had the same problem myself a while back.... Switched a few lines around and voila!