I have an issue with my login script: users can register, or I can add them from my admin panel, but when they try to log in they are told that their username/email or password is incorrect. I know both are correct, but there is a salted password hash in place.
<?php
// login_process.php
// LOGIN RESPONSES
//
// 1 Login successful
// 0 ...
// -1 Database error
// -2 Data fields empty
// -3 Username/email address not registered
// -4 Password incorrect
// -5
//
// Load the login-state check. The test below reads $user_ok, which this file
// never assigns itself (presumably check_login_status.php sets it - confirm).
include_once("check_login_status.php");

// A visitor who is already authenticated is redirected to the home page.
// exit() follows the redirect header so none of the login handler below runs.
$already_logged_in = (bool) $user_ok;
if ($already_logged_in) {
    header("location: index.php");
    exit();
}
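// AJAX CALLS THIS LOGIN CODE TO EXECUTE
//
// Reads the POST fields "e" (username or e-mail address) and "p" (password),
// looks the account up in smd_members, verifies the password and echoes one of
// the response codes listed at the top of this file before exiting.
//
// NOTE(review): the separate -3 and -4 responses tell an unauthenticated caller
// whether a username/e-mail is registered. Merging them into one "login failed"
// code needs a matching change in the AJAX client, so it is only flagged here.
// NOTE(review): nothing in this block limits repeated failed attempts - confirm
// whether throttling exists elsewhere.
if (isset($_POST["e"])) {
    // CONNECT TO DATABASE
    include_once("db_conx.php");

    // GATHER THE POSTED DATA INTO LOCAL VARIABLES
    // Array-valued input (e.g. e[]=x) is treated as an empty field instead of
    // being handed to string functions. No SQL escaping is done here because
    // both queries below bind their values as parameters.
    $e = is_string($_POST["e"]) ? $_POST["e"] : "";
    $p = (isset($_POST["p"]) && is_string($_POST["p"])) ? $_POST["p"] : "";

    // GET USER IP ADDRESS
    // Only digits and dots are kept, as before; an IPv6 address loses its
    // colons here, so the stored value is only meaningful for IPv4 clients.
    $ip = preg_replace('#[^0-9.]#', '', (string) getenv('REMOTE_ADDR'));

    // FORM DATA ERROR HANDLING
    if ($e === "" || $p === "") {
        echo -2;
        exit();
    }
    // END FORM DATA ERROR HANDLING

    // Parameterised lookup: the submitted identifier is never spliced into SQL.
    $sql = "SELECT mem_id, mem_username, mem_pwd, mem_salt, mem_active, mem_level FROM smd_members WHERE (mem_email=? OR mem_username=?) AND mem_active=1 LIMIT 1";
    $stmt = mysqli_prepare($mysqli, $sql);
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, "ss", $e, $e)
        || !mysqli_stmt_execute($stmt)
        || !mysqli_stmt_store_result($stmt)
    ) {
        echo -1;
        exit();
    }
    if (mysqli_stmt_num_rows($stmt) == 0) {
        mysqli_stmt_close($stmt);
        echo -3;
        exit();
    }
    mysqli_stmt_bind_result($stmt, $db_id, $db_username, $db_pass_str, $db_pass_salt, $db_active, $db_level);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // A prepared statement returns integer columns as PHP integers, whereas
    // mysqli_query() returned strings. Cast back so the session and cookie
    // values keep the type the rest of the site has been receiving.
    if ($db_id !== null) {
        $db_id = (string) $db_id;
    }
    if ($db_level !== null) {
        $db_level = (string) $db_level;
    }

    // Recompute the bcrypt hash from the submitted password and the stored salt.
    // NOTE(review): if this never matches for any user, compare with the
    // registration code: crypt() with a $2y$ prefix returns 60 characters, so a
    // narrower mem_pwd column truncates the hash; mem_salt must be 22 characters
    // from ./0-9A-Za-z; and the "$2y$14$" prefix/cost must be the same at
    // registration. None of that is visible from this file.
    // The value crypt() returns already embeds prefix, cost and salt, so
    // password_verify($p, $db_pass_str) could replace the separate mem_salt.
    $salt_complete = '$2y$14$' . $db_pass_salt;
    $crypt = crypt($p, $salt_complete);

    // crypt() signals failure with a short token starting with "*"; never let
    // that compare equal to a stored value. hash_equals() (PHP 5.6+) compares in
    // constant time and avoids the loose != comparison.
    $password_ok = is_string($crypt)
        && is_string($db_pass_str)
        && strncmp($crypt, '*', 1) !== 0
        && hash_equals($db_pass_str, $crypt);
    if (!$password_ok) {
        echo -4;
        exit();
    }

    // The query above only returns rows with mem_active=1, so this branch
    // cannot fire as written. It is kept for the case where that filter is
    // dropped: it now runs only after the password has been verified and stops
    // the script after the redirect header.
    if ($db_active == 0) {
        header("location: ../reactivate.php?u=" . rawurlencode((string) $db_id));
        exit();
    }

    // Issue a fresh session id at the moment of login so an id that existed
    // before authentication is not carried into the logged-in session.
    // Guarded because session_start() is not called in this file.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // CREATE THEIR SESSIONS AND COOKIES
    // NOTE(review): the password hash is written to the session and to a
    // 30-day "pass" cookie, and the privilege level to a "level" cookie. That
    // hands the hash to the browser and makes client-held values look like
    // credentials. Presumably check_login_status.php reads these cookies -
    // confirm, then replace them with a random server-side token and take the
    // level from the database or session only.
    // NOTE(review): the Secure flag is off (6th argument), so these cookies are
    // also sent over plain HTTP; HttpOnly (7th argument) is on.
    $_SESSION['userid'] = $db_id;
    $_SESSION['username'] = $db_username;
    $_SESSION['password'] = $db_pass_str;
    $_SESSION['level'] = $db_level;
    $expires = strtotime('+30 days');
    setcookie("id", $db_id, $expires, "/", "", false, true);
    setcookie("user", $db_username, $expires, "/", "", false, true);
    setcookie("pass", $db_pass_str, $expires, "/", "", false, true);
    setcookie("level", $db_level, $expires, "/", "", false, true);

    // UPDATE THEIR "IP" AND "LASTLOGIN" FIELDS
    // Best effort, as before: a failure here does not change the response.
    // The username comes from the database but is still bound as a parameter,
    // because a stored value containing a quote would otherwise break the SQL.
    $update = mysqli_prepare($mysqli, "UPDATE smd_members SET mem_lastip=?, mem_lastlogin=now() WHERE mem_username=? LIMIT 1");
    if ($update) {
        mysqli_stmt_bind_param($update, "ss", $ip, $db_username);
        mysqli_stmt_execute($update);
        mysqli_stmt_close($update);
    }

    echo 1;
    exit();
}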
?>