Home/ Questions/Q 6837803
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T23:31:14+00:00

HTML: Html of the two forms, looks like: when either buyer or merchant is

  • 0

HTML:

Html of the two forms, looks like:
img1

when either buyer or merchant is selected..
img2

        <form action="#" method="post"> 
                Buyer <input type="radio" name="addType" value="Buyer" /> 
                &nbsp;&nbsp;Merchant <input type="radio" name="addType" value="Merchant" /><br />
                New PricedWrite User? <a href="../register">Register</a>
        </form>
        <div class="buyer">
            <form method="post" action="check_buyer.php">
                Username or Email: <input class="UserReg" style="width:350px;" type="text" name="userName" /> <br />
                Password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <input class="UserReg" style="width:350px;" type="password"  name="userPass" /> <br />
                <input type="submit" class="UserReg" name="submit" value="Sign In" />
            </form>
        </div><!--/buyer-->
        <br />
        <div class="merch">
            <form method="post" action="check_merchant.php">
                Username or Email: <input class="UserReg" style="width:350px;" type="text" name="userName" /> <br />
                Password: <input class="UserReg" style="width:350px;" type="password" name="userPass" /> <br />
                <input type="submit" class="UserReg" name="submit" value="Sign In" />
            </form>

check_buyer.php (which is in same directory as html file)

<?php
require_once('../inc/db/dbc.php');
$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);

$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uUPass, dynamSalt
        FROM User
        WHERE uUName = '$LoginUserName';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such user exists
{
    echo "No Such User";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);

$dynamSalt = $ifUserExists['dynamSalt'];  #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword);


if($SaltyPass != $ifUserExists['uUPass']) //incorrect password
{
    echo "No Such Pass<br />";
    echo '$LoginPass Value: '.$LoginPassword;
}

else
{
echo "Success";
}

?>

Currently, when I type in a valid user and pass, it basically just reloads the page. What is wrong with this?

The way I originally create the pass upon registration is:

if(!empty($_POST['userPass']))
    $escapedInputtedPass=mysql_real_escape_string($_POST['userPass']);
    $dynamSalt = mt_rand(); 
    $SaltyPass = hash('sha512',$dynamSalt.$escapedInputtedPass);

Why isn’t this matching the way I check it? The only difference is, it doesnt have to generate the pass, because the pass in now stored under the dynamSalt column in the user table. Anyone see anything??
$SaltyPass = hash(‘sha512’,$dynamSalt.$escapedInputtedPass);

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I tink you have error in query:

    $query = "SELECT uUPass, dynamSalt
        FROM User
        WHERE uUName = '$LoginUserName';";

//change to

$query = "SELECT uUPass, dynamSalt
        FROM User
        WHERE uUName = '$LoginUserName'"; //semicolon removed

    Hope that works

    • 0