HELP!!! Users can login with any password

Hi,
My users can login with any password, if it's correct or not. It doesn't seem to check if the password is correct, but it does notice if the password field is empty. I have checked the session.php, database.php and process.php and they look fine. I even restored them to their original, NOTHING WORKS!!!

I am not sure when this problem started as I didn't try to login with wrong passwords.

Please help

wow, i can see how this can be a problem. lol.

alright well, the script 99.9% of the time right out of the box as long as your database and constants are set up correctly. assuming they are, what kinda of modifications have you made to the script?

I've added some new session variables but that's it, nothing major. It's like the database page doesn't exist but there are no errors being thrown at me. Apart from the session variables, I’ve done nothing else to the script.

The confirmUserPass() function doesn't seem to return any value. It’s like it doesn't exist.

Code:

$result = $database->confirmUserPass($subuser, md5($subpass));

I hope that's the right function...

well when the script works correctly, and a user enters a valid user name and password the function should return 0. this might be why it looks like there is no value returned in the function.

i am curious if the function is indeed returning 0 and not some other value ...or no value at all. do you think you could change the values the function is suppose to return to a string. first, open up database.php and find the confirmUserPass function and replace it with the following:

Code:

  function confirmUserPass($username, $password){
      /* Add slashes if necessary (for query) */
      if(!get_magic_quotes_gpc()) {
         $username = addslashes($username);
      }

      /* Verify that user is in database */
      $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
      $result = mysql_query($q, $this->connection);
      if(!$result || (mysql_numrows($result) < 1)){
        return 'a'; //Indicates username failure
      }

      /* Retrieve password from result, strip slashes */
      $dbarray = mysql_fetch_array($result);
      $dbarray['password'] = stripslashes($dbarray['password']);
      $password = stripslashes($password);

      /* Validate that password is correct */
      if($password == $dbarray['password']){
        return 'c'; //Success! Username and password confirmed
      }
      else{
        return 'b'; //Indicates password failure
      }
  }

then you would have to change the conditional in session.php to match the new values the function will return. just under $result = $database->confirmUserPass($subuser, md5($subpass)); look for where the script checks the error codes (originally on line 155) and replace it with this:

Code:

      /* Check error codes */
      if($result == 'a'){
        $field = "user";
        $form->setError($field, "* Username not found");
      }
      else if($result == 'b'){
        $field = "pass";
        $form->setError($field, "* Invalid password");
      }
      else{
         $field = "user";
         $form->setError($field, "TRIGGERED ERROR:<BR><BR>result: $result<BR>username: $subuser<BR>password (no md5): $subpass<BR>password (md5): " . md5($subpass));
      }

that last else statement should stop the script from executing regardless of what the function returned. it should also display a few clues as to whats happening here. when we get this all worked out well have to remove that little bit of code.

try this and let me know what the script does now.

Works now thanks

great, glad i could help!