Passwords never match!

PHP
1

When I match a password a user entered to a password in the database, the don’t match. I can’t find the problem. :frowning:

Can someone help me find the error and tell me what I’m doing wrong?

	$confEmail = mysql_query(
    	sprintf(
        	"SELECT ID,Passwd,Email FROM sq_users WHERE Email = '%s'",
       	 	mysql_real_escape_string($_POST['email'])
    	)
	);
	$passFlat = $_POST['pass'];
	$passE = md5($passFlat);
	
	$row = mysql_fetch_row($confEmail);
	
	if($passE == $row[1])

Thanks for the help! Also, if you know how to use mod_rewrite, look at this thread.

2

Since you believe the two variable to be the same value, but are stumped as to why they don’t compare as being equal, it would suggest the values aren’t the same. So, a good next step would be to take a close look at what the values really are, because it can give a great a hint at where the problem manifested itself. var_dump() is a good way to inspect the value of a variable.

3

Here is more code needed for the problem.

$cemail = mysql_real_escape_string($_POST['email']);
$sql = "SELECT Email FROM sq_users WHERE Email = '$cemail'";
$res = mysql_query($sql);
if (!$res) trigger_error(mysql_error().' in '.$sql);
if(0 !== mysql_num_rows($res)){
	$confEmail = mysql_query(
    	sprintf(
        	"SELECT ID,Passwd,Email FROM sq_users WHERE Email = '%s'",
       	 	mysql_real_escape_string($_POST['email'])
    	)
	);
	$passFlat = $_POST['pass'];
	$passE = md5($passFlat);
	
	$row = mysql_fetch_row($confEmail);
	
	if($passE == $row[1])

It says $row[1] is NULL. That means something went wrong, I’m assuming, at the “mysql_fetch_row()”. Can someone spot the error? :confused:

4

You might also want to var_dump($row) to see if the array has any values at all, or if it’s even an array.

Depending on the outcome, next step might be to verify the query succeeded. inspect the value of $confEmail, and also see mysql_error() and mysql_num_rows().

5

If pinpointed the error more closely. When I die the error message, I get “Access denied for user ‘SYSTEM’@‘localhost’ (using password: NO)” Here is my SQL code.


require("includes/connect.php");

$cemail = mysql_real_escape_string($_POST['email']);
$sql = "SELECT Email FROM sq_users WHERE Email = ".$cemail;
$res = mysql_query($sql) or die(mysql_error());

Here is connect.php

<?php
$host = "localhost";
$username = "root";
$password = "temple01";
$db_name = "socialquests";

$con = mysql_connect($host, $username, $password);
if (!$con) trigger_error(mysql_error());

$open = mysql_select_db($db_name, $con);
if (!$open) trigger_error(mysql_error());
?>

Thanks for the help! :slight_smile:

6

Is it querying the database correctly ?


$confEmail = mysql_query(
    	sprintf(
        	"SELECT ID,Passwd,Email FROM sq_users WHERE Email = '%s'",
       	 	mysql_real_escape_string($_POST['email'])
    	)
	) or die("Query failed: "mysql_error());

and if it is querying the database then check the value

$row = mysql_fetch_row($confEmail);

echo "<pre>";
print_r($row);
echo "</pre>";

This might help u out.

7

That’s not the problem. Read my latest post to be more up-to-date.

8

This line says it all, try to access the database w/o any password. Probably it will help.

9

For more security, I’m not going to try that. Thanks though!

Any other suggestions? Thanks for all your help!

10

If they don’t match, they are 100% not the same. Are you sure the password in the database is not also salted? Or that it is hashed with md5() and not sha1() or something other?

11

Well, if your localhost database does not require a password, then you should not try to use a password…

First fix the connection problem, by using the correct “user” and “pass”, and ofcourse the correct “database”.

Clearly, if the mysql_connect fails, then it must be one of four problems.

  1. wrong host
  2. wrong username
  3. wrong password.
  4. SQL server is not running.

Then it’s possible to move to the next problem (if any still exist).