Rob Heston Rob Heston - 22 days ago 5
MySQL Question

PHP, MySQL Login Issue After Adding More Table Columns/Inputs

I started out using just "Name" "Email" "Password" and the login with the email and password worked fine. Now I have 11 columns in the table --including the id-- and the login will not work. I am testing this out in my local "XAMPP" server with MySQL. I can register okay but I keep getting the "Incorrect User Name or Password" message when logging in. Of course, I am using the correct ones. I have tried clearing my browser, recreating the table, and rebooting the machine. My login page remains the same --as it was before adding more table columns/inputs-- and is for using the email address and password from the table in the database. There is no issue with dbconnect.php connecting. I suspect the problem is in the if statement that will produce :"Incorrect User Name or Password!!!" when one or the other does not match. Can anyone see a reason why the login keeps giving me the error message "Incorrrect...etc"?? Perhaps adding all the new inputs/columns requires something different for logging in from what I have here?
---THANKS

___Begin login.php________________________________________

<?php
session_start();

if(isset($_SESSION['usr_id'])!="") {
header("Location: alreadyloggedin.php");
}

include_once 'dbconnect.php';

//check if form is submitted
if (isset($_POST['login'])) {

$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$result = mysqli_query($con, "SELECT * FROM blogusers WHERE email = '" . $email. "' and password = '" . md5($password) . "'");

if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
header("Location: index-blog.php");
} else {
$errormsg = "Incorrect User Name or Password!!!";
}
}
?>


<?php include('header.php'); ?>
<div class="container blog-container"><!-- Begin Blog Container-->
<div class="row"><!-- Begin Blog Row -->
<div class="col-lg-9 col-sm-12 blog-left-column" style="padding: 0px;"><!-- Begin Blog Content Div (Left Column) -->
<div class="blog-header"><!-- Begin Blog Content Header -->
<p><g16 class="blog-header-text">THE DATABASE DRIVEN BLOG BY ROBERT</g16></p>
</div><!-- End Blog Content Header -->
<div class="blog-content"><!-- Begin - Main blog content in this div -->

<div class="form-reg"><!-- Begin div to contain form -->
<table width="50%" style="padding-left: 20px;">
<tr>
<td style="">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
<fieldset>
<legend class="legend-01"><g16>Please Login</g16></legend>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>Enter Your Email</g14></label>
<input type="text" name="email" placeholder="Enter Your Email Address" required class="form-control" />
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name"><g14>Password</g14></label>
<input type="password" name="password" placeholder="Enter Your Password" required class="form-control" />
</div>
</td>
</tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<input type="submit" name="login" value="Login" class="btn btn-primary" />
</div>
</fieldset>
</form>
</td>
</tr>
<tr><td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<g14>New User? <a href="register.php">Sign Up Here</a></g14>
</div>
</td></tr>
</table>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>

</div><!-- End div to contain form -->
<br><br><br><br>

</div><!-- End - Main blog content in this div -->
<div class="blog-header" style="vertical-align: middle; padding-bottom: 1px;"><!-- Begin Blog Content Footer -->
<p><g16 class="blog-header-text"><hr></g16></p>
</div><!-- End Blog Content Footer -->
</div><!-- End Blog Content Div (Left Column) -->
<!-- End of Body -->
<?php include('side-comments.php'); ?>
<?php include('footer.php'); ?>


___End login.php________________________________________

___Begin register.php________________________________________

<?php
session_start();

if(isset($_SESSION['usr_id'])) {
header("Location: logout2register.php");
}

include_once 'dbconnect.php';

//set validation error flag as false
$error = false;

//check if form is submitted
if (isset($_POST['signup'])) {
$first_name = mysqli_real_escape_string($con, $_POST['first_name']);
$last_name = mysqli_real_escape_string($con, $_POST['last_name']);
$address = mysqli_real_escape_string($con, $_POST['address']);
$city = mysqli_real_escape_string($con, $_POST['city']);
$state = mysqli_real_escape_string($con, $_POST['state']);
$zip = mysqli_real_escape_string($con, $_POST['zip']);
$phone = mysqli_real_escape_string($con, $_POST['phone']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$user_name = mysqli_real_escape_string($con, $_POST['user_name']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$cpassword = mysqli_real_escape_string($con, $_POST['cpassword']);

//name can contain only alpha characters and space
if (!preg_match("/^[a-zA-Z ]+$/",$first_name)) {
$error = true;
$first_name_error = "Name must contain only letters";
}
if (!preg_match("/^[a-zA-Z ]+$/",$last_name)) {
$error = true;
$last_name_error = "Name must contain only letters";
}
if (!preg_match("/^[a-z0-9 .\-]+$/i",$address)) {
$error = true;
$address_error = "Address can contain only letters, numbers, dash";
}
if (!preg_match("/^[a-zA-Z ]+$/",$city)) {
$error = true;
$city_error = "City must contain only letters";
}
if (!preg_match("/^[a-zA-Z ]+$/",$state)) {
$error = true;
$state_error = "State must contain only letters";
}
if (!preg_match("/^[0-9 ]+$/",$zip)) {
$error = true;
$zip_error = "Zip must contain only numbers";
}
if (!preg_match("/^[0-9 .\-]+$/i",$phone)) {
$error = true;
$phone_error = "Phone can contain numbers and dashs or periods x12";
}
if(!filter_var($email,FILTER_VALIDATE_EMAIL)) {
$error = true;
$email_error = "Please Enter Valid Email ID";
}
if (!preg_match("/^[a-zA-Z-0-9 ]+$/",$user_name)) {
$error = true;
$user_name_error = "User name can contain only letters and numbers";
}
if(strlen($password) < 6) {
$error = true;
$password_error = "Password must be minimum of 6 characters";
}
if($password != $cpassword) {
$error = true;
$cpassword_error = "Password and Confirm Password doesn't match";
}
if (!$error) {
if(mysqli_query($con, "INSERT INTO blogusers(first_name,last_name,address,city,state,zip,phone,email,user_name,password) VALUES('" . $first_name . "', '" . $last_name . "', '" . $address . "', '" . $city . "', '" . $state . "', '" . $zip . "', '" . $phone . "', '" . $email . "', '" . $user_name . "', '" . md5($password) . "')")) {
$successmsg = "Thank You for Regestering!! <a href='login.php'>Click here to Login</a>";
} else {
$errormsg = "Error in registering...Please try again later!";
}
}
}
?>

<?php include('header.php'); ?>
<div class="container blog-container"><!-- Begin Blog Container-->
<div class="row"><!-- Begin Blog Row -->
<div class="col-lg-9 col-sm-12 blog-left-column" style="padding: 0px;"><!-- Begin Blog Content Div (Left Column) -->
<div class="blog-header"><!-- Begin Blog Content Header -->
<p><g16 class="blog-header-text">THE DATABASE DRIVEN BLOG BY ROBERT</g16></p>
</div><!-- End Blog Content Header -->
<div class="blog-content"><!-- Begin - Main blog content in this div -->

<div class="form-reg" style="width: 100%;"><!-- Begin div to contain form -->
<table width="40%" style="padding-left: 20px;">
<tr>
<td style="">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="signupform">
<fieldset>
<legend class="legend-01"><g16>Registration</g16></legend>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>First Name</g14></label>
<input type="text" name="first_name" maxlength="20" placeholder="Enter Your First Name" required value="<?php if($error) echo $first_name; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($first_name_error)) echo $first_name_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>Last Name</g14></label>
<input type="text" name="last_name" maxlength="20" placeholder="Enter Your Last Name" required value="<?php if($error) echo $last_name; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($last_name_error)) echo $last_name_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>Address</g14></label>
<input type="text" name="address" maxlength="30" placeholder="Enter Your Address" required value="<?php if($error) echo $address; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($address_error)) echo $address_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>City</g14></label>
<input type="text" name="city" maxlength="30" placeholder="Enter Your City" required value="<?php if($error) echo $city; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($city_error)) echo $city_error; ?></span>
</div>
</td>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>State</g14></label>
<input type="text" name="state" maxlength="2" placeholder="2 Letters" required value="<?php if($error) echo $state; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($state_error)) echo $state_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>Zip</g14></label>
<input type="text" name="zip" length="5" placeholder="5 Numbers" required value="<?php if($error) echo $zip; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($zip_error)) echo $zip_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name"><g14>Phone Number</g14></label>
<input type="text" name="phone" max-length="12" placeholder="Area & Number Dash or Dot Ok" required value="<?php if($error) echo $zip; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($phone_error)) echo $phone_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name"><g14>Email</g14></label>
<input type="text" name="email" maxlength="30" placeholder="Enter a Valid Email" required value="<?php if($error) echo $email; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($email_error)) echo $email_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name"><g14>User Name</g14></label>
<input type="text" name="user_name" min-length="5" min-length="15" placeholder="5 to 15 Characters" required value="<?php if($error) echo $user_name; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($user_name_error)) echo $user_name_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name"><g14>Password</g14></label>
<input type="password" name="password" min-length="6" maxlength="15" placeholder="6 to 15 Chracters" required class="form-control" />
<span class="text-danger"><?php if (isset($password_error)) echo $password_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name"><g14>Confirm Password</g14></label>
<input type="password" name="cpassword" placeholder="Confirm Password" required class="form-control" />
<span class="text-danger"><?php if (isset($cpassword_error)) echo $cpassword_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<input type="submit" name="signup" value="Register" class="btn btn-primary" />
</div>
</fieldset>
</form>
</td>
</tr>
<tr><td><div style="margin-top: 10px; margin-bottom: 5px;"><g14>Already Registered? <a href="login.php">Login Here</g14></a></div></td></tr>
</table>
<span class="text-success"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>

</div><!-- End div to contain form -->
<br><br><br><br>

</div><!-- End - Main blog content in this div -->
<div class="blog-header" style="vertical-align: middle; padding-bottom: 1px;"><!-- Begin Blog Content Footer -->
<p><g16 class="blog-header-text"><hr></g16></p>
</div><!-- End Blog Content Footer -->
</div><!-- End Blog Content Div (Left Column) -->
<!-- End of Body -->
<?php include('side-comments.php'); ?>
<?php include('footer.php'); ?>


___End register.php________________________________________

This is from the Table Export, phpMyAdmin

CREATE TABLE `blogusers` (
`id` int(8) NOT NULL,
`first_name` varchar(20) NOT NULL,
`last_name` varchar(20) NOT NULL,
`address` varchar(30) NOT NULL,
`city` varchar(30) NOT NULL,
`state` varchar(2) NOT NULL,
`zip` varchar(5) NOT NULL,
`phone` varchar(12) NOT NULL,
`email` varchar(30) NOT NULL,
`user_name` varchar(15) NOT NULL,
`password` varchar(15) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;


___Thank You________________________________________

Answer

MD5 processes an arbitrary-length message into a fixed-length output of 128 bits, typically represented as a sequence of 32 hexadecimal digits. md5($password) Returns the hash as a 32-character hexadecimal number.

You used password length varchar(15) like bellow:

`password` varchar(15) NOT NULL

it should be minimum length 32 or more then like bellow

`password` varchar(32) NOT NULL
Comments