nomadsoulkarma Posted July 31, 2018 Share Posted July 31, 2018 (edited) Does anyone know how to fix this problem: The registration page does insert the data into the database but the login page always returns the error string "'The email address and password entered do not match those on file." I've changed the pass varchar field to 256 as suggested and also changed the select statement as suggested in an earlier post. Then I changed the pass varchar field to 128 as is in the book. Did a lot of other things too but nothing is working. Anyone know how to fix this? Thank You Edited July 31, 2018 by nomadsoulkarma select Link to comment Share on other sites More sharing options...
nomadsoulkarma Posted August 1, 2018 Author Share Posted August 1, 2018 I went directly into phpmyadmin and did a select statemetn without the pass field in the where clause and there was no problem getting a return value for user_id, and first_name, but when I added the pass field in the where clause it returned an empty set. That tells me there is something wrong with the pass field datatype or something in the code. Definitely stuck at this point. Does anyone have a work-around to this? Link to comment Share on other sites More sharing options...
Larry Posted August 1, 2018 Share Posted August 1, 2018 So it really depends upon what method is being used for encrypting and decrypting the password. You've done some great debugging in determining that the email address is fine but the password doesn't match. What code is being used to encrypt and store the password? What code is being used to fetch and check for a password match? Link to comment Share on other sites More sharing options...
nomadsoulkarma Posted August 1, 2018 Author Share Posted August 1, 2018 (edited) This is the select statement to fetch from the pass field -line 55 (login_functions.inc.php): $q = "SELECT user_id, first_name FROM users WHERE email='$e' AND pass=SHA2('$p', 512)"; And this is the insert statement - line 50(register.php): $q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('$fn', '$ln', '$e', SHA2('$p', 512), NOW() )"; Edited August 1, 2018 by nomadsoulkarma forgotsomething Link to comment Share on other sites More sharing options...
Larry Posted August 2, 2018 Share Posted August 2, 2018 Okay, good. So SHA2() with a length of 512 should return a string with a length of 128, so VARCHAR(128) or VARCHAR(256) should be fine. I imagine something was just missed along the way which is why a match isn't made. I'd start by registering a new users and logging in that user. Use a simple and obvious password, like "password" (without the quotes). Or you can just run an UPDATE query, updating all the registered users to a new password of "password" (I assume this is all in a test environment with no actual users). You can also do SELECT SHA2('password', 512) in phpMyAdmin to see what that string's value should be. Then if you look at the stored passwords you could see if there's a problem such as the stored value being cut off b/c the database column is too short. Link to comment Share on other sites More sharing options...
nomadsoulkarma Posted August 3, 2018 Author Share Posted August 3, 2018 It is working now, thanks Larry I truncated the table, used varchar(256) again then did an update and also reregistered another user and now am logged in. Thanks. BTW Do you have plans for a new edition of Effortless E-Commerce? Link to comment Share on other sites More sharing options...
Larry Posted August 5, 2018 Share Posted August 5, 2018 Glad to hear it's working! And thanks for your question about the e-commerce book. There's no plans for another edition at the moment, so not for the foreseeable future. Link to comment Share on other sites More sharing options...
Marie Posted January 16, 2019 Share Posted January 16, 2019 I am having the exact same problem or so it seems. So I have tried several different things and I think now I have done exactly what was suggested above. However, I am still getting the same error message - "The email address and password entered do not match those on file." My fake registrants all have the same password but I have truncated the table and started again. My website is based on the code in Chapter 18 but does not require a person to activate their account so this is the code. Thanks for your help. if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT id, username, pass FROM users WHERE email='$e' AND active = 1 "; $r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db)); if (@mysqli_num_rows($r) == 1) { // A match was made. Link to comment Share on other sites More sharing options...
Larry Posted January 16, 2019 Share Posted January 16, 2019 Marie, what is the definition of the password column in the database (its size in particular) and what are you using to encrypt the passwords? Link to comment Share on other sites More sharing options...
Marie Posted January 16, 2019 Share Posted January 16, 2019 Hello Larry, Thanks for replying so quickly. I know you are very busy. I went back through all the files and rechecked everything and then made sure that it matched up exactly to your coding. So NOW it is working but I really don't know what went wrong. I had VARCHAR256 in the password column but would that have made any difference? I had also gone to another source for some help and they continually tell me that my coding is old and is being depreciated. Also, I know my hosting company is using PHP 5.6. At this point I am not sure how PHP is handling password encryption. I have learned a tremendous amount over the years because of your books but just find it hard to keep up with the tour when things are changing all the time. Thanks again. Marie Link to comment Share on other sites More sharing options...
Larry Posted January 22, 2019 Share Posted January 22, 2019 Hey Marie. Thanks for the nice words! Truly appreciated. By PHP, I was wondering how the PHP script is encrypting the password that you're storing (e.g., using the password_hash() function). But if it's working now, maybe that's good enough! Link to comment Share on other sites More sharing options...
Recommended Posts