Larry Ullman's Book Forums

Does anyone know how to fix this problem:

The registration page does insert the data into the database but the login page always returns the error string "The email address and password entered do not match those on file." I've changed the pass varchar field to 256 as suggested and also changed the select statement as suggested in an earlier post. Then I changed the pass varchar field to 128 as is in the book. Did a lot of other things too but nothing is working. Anyone know how to fix this? Thank you.

Edited by nomadsoulkarma
select

I went directly into phpMyAdmin and did a select statement without the pass field in the where clause and there was no problem getting a return value for user_id and first_name, but when I added the pass field in the where clause it returned an empty set. That tells me there is something wrong with the pass field datatype or something in the code. Definitely stuck at this point. Does anyone have a work-around to this?


So it really depends upon what method is being used for encrypting and decrypting the password. You've done some great debugging in determining that the email address is fine but the password doesn't match. What code is being used to encrypt and store the password? What code is being used to fetch and check for a password match?


This is the select statement to fetch from the pass field - line 55 (login_functions.inc.php):

    $q = "SELECT user_id, first_name FROM users WHERE email='$e' AND pass=SHA2('$p', 512)";

And this is the insert statement - line 50 (register.php):

    $q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('$fn', '$ln', '$e', SHA2('$p', 512), NOW() )";

Edited by nomadsoulkarma
forgotsomething

Okay, good. So SHA2() with a length of 512 should return a string with a length of 128, so VARCHAR(128) or VARCHAR(256) should be fine. I imagine something was just missed along the way which is why a match isn't made. I'd start by registering a new user and logging in that user. Use a simple and obvious password, like "password" (without the quotes). Or you can just run an UPDATE query, updating all the registered users to a new password of "password" (I assume this is all in a test environment with no actual users).

You can also do SELECT SHA2('password', 512) in phpMyAdmin to see what that string's value should be. Then if you look at the stored passwords you could see if there's a problem such as the stored value being cut off b/c the database column is too short. 


  • 5 months later...

I am having the exact same problem or so it seems. So I have tried several different things and I think now I have done exactly what was suggested above. However, I am still getting the same error message - "The email address and password entered do not match those on file."

My fake registrants all have the same password but I have truncated the table and started again. My website is based on the code in Chapter 18 but does not require a person to activate their account so this is the code. Thanks for your help.

	if ($e && $p) { // If everything's OK.
		// Query the database:
		$q = "SELECT id, username, pass FROM users WHERE email='$e' AND active = 1 ";

		$r = mysqli_query($db, $q) or trigger_error("Query: $q\n<br>MySQL Error: " . mysqli_error($db));

		if (@mysqli_num_rows($r) == 1) { // A match was made.
			// (The rest of the script was not included in the post.)
		}
	}


Hello Larry,

Thanks for replying so quickly. I know you are very busy.

I went back through all the files and rechecked everything and then made sure that it matched up exactly to your coding. So NOW it is working but I really don't know what went wrong.

I had VARCHAR(256) in the password column but would that have made any difference?

I had also gone to another source for some help and they continually tell me that my coding is old and is being deprecated. Also, I know my hosting company is using PHP 5.6.

At this point I am not sure how PHP is handling password encryption.

I have learned a tremendous amount over the years because of your books but just find it hard to keep up with the tour when things are changing all the time.

Thanks again.

Marie


Hey Marie. Thanks for the nice words! Truly appreciated. By PHP, I was wondering how the PHP script is encrypting the password that you're storing (e.g., using the password_hash() function). But if it's working now, maybe that's good enough!

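The two checks discussed in this thread (the 128-character SHA2() value versus the column length, and password_hash() as the other way a PHP script may store the password), as an added example that is not from the book or from any poster. It needs no database: store_in_varchar() and sha2_login_matches() are hypothetical helpers that emulate a VARCHAR column and the `pass=SHA2('$p', 512)` comparison, and the VARCHAR(40) case is constructed.

```php
<?php
// Added example; every value below is constructed for illustration.

// Emulates saving a string into a VARCHAR($len) column when MySQL strict
// mode is off: anything past the column length is silently dropped.
function store_in_varchar($value, $len) {
    return substr($value, 0, $len);
}

// Emulates `WHERE pass = SHA2('$p', 512)`: the stored column value must be
// identical to a freshly computed SHA-512 hex digest of the submitted password.
function sha2_login_matches($stored, $password) {
    return hash_equals($stored, hash('sha512', $password));
}

$password = 'password';                 // the test password suggested in the thread
$digest   = hash('sha512', $password);  // same hex string SELECT SHA2('password', 512) returns

printf("SHA-512 hex digest length: %d\n", strlen($digest));

// Compare a too-short column (constructed) with the two sizes tried in the thread.
foreach (array(40, 128, 256) as $len) {
    $stored = store_in_varchar($digest, $len);
    printf("VARCHAR(%d): stored %d chars, login %s\n",
        $len, strlen($stored),
        sha2_login_matches($stored, $password) ? 'matches' : 'fails');
}

// password_hash() salts every call, so hashing the same password twice gives
// two different strings. A SQL equality test can never match such a value:
// the script has to SELECT the stored hash by email and hand it to
// password_verify() in PHP.
$hash  = password_hash($password, PASSWORD_DEFAULT);
$again = password_hash($password, PASSWORD_DEFAULT);

printf("password_hash() length: %d\n", strlen($hash));
printf("two hashes of the same password identical: %s\n",
    $hash === $again ? 'yes' : 'no');
printf("password_verify() against full hash: %s\n",
    password_verify($password, $hash) ? 'ok' : 'fails');

// Truncation breaks this scheme as well: a cut-off hash no longer verifies.
printf("password_verify() against hash cut to 40 chars: %s\n",
    password_verify($password, store_in_varchar($hash, 40)) ? 'ok' : 'fails');
```

Run it with `php` on the command line; against a real table, comparing `CHAR_LENGTH(pass)` with these lengths shows which scheme wrote the row and whether it was cut off.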
