ecabrera Posted November 10, 2014

I can't seem to log in. It tells me to check my password and username, but I don't know, the username and password are correct. Here is my whole code:

    <?php
    //start the session
    session_start();

    //connect to db
    require "scripts/connect.php";

    $username = $_POST['username'];
    $password = $_POST['password'];

    $username = mysqli_real_escape_string($db,$username);
    $password = mysqli_real_escape_string($db,$password);

    if(isset($_POST['loginbtn'])){
        if(!empty($username) && !empty($password)){
            //sql command
            $getstaff = "SELECT * FROM `users` WHERE `username` = '$username'";
            //execute the query
            $query = mysqli_query($db,$getstaff);
            //get the number of rows
            $num_rows = mysqli_num_rows($query);

            if($num_rows != 0){
                //get the info
                $rows = mysqli_fetch_assoc($query);

                //setting the data in individual variables
                $dbusername = $rows['username'];
                $dbpassword = $rows['password'];

                //getting the password the user entered and hashing it
                //in order for it to match in the database
                $password = md5($password);

                if($dbusername === $username && $dbpassword === $password){
                    //create the session
                    $_SESSION['username'] = $username;
                    //redirect them to the control panel
                    header("location: controlpanel.php");
                }else $msg = "Please check your username or password";
            }else $msg = "User does not exist";
        }else $msg = "Please enter your username and password";
    }
    ?>

This is where it is giving me a hard time:

    if($dbusername === $username && $dbpassword === $password){
        //create the session
        $_SESSION['username'] = $username;
        //redirect them to the control panel
        header("location: controlpanel.php");
    }else $msg = "Please check your username or password";

Any ideas why it's not letting me enter?
ginerjm Posted November 10, 2014

Is it possible that your password is actually being escaped and therefore doesn't match the hashed db password?

FYI - it is better to hash your incoming password and then do your query to match on both username and the hashed password (meaning you only store a hashed password) and then check if you got 1 row instead of just checking for username. Actually that could also be your problem if you have multiple uses of a single 'username' value.
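The first possibility raised above, shown as an added example that is not part of any post in this thread: escaping the password before hashing changes the MD5 whenever the password contains a quote or backslash. It assumes the stored hash was made from the raw password; `addslashes()` stands in for `mysqli_real_escape_string()` so it runs without a database, and the function names and sample passwords are constructed.

```php
<?php
// Added example, not code from the thread. addslashes() is a stand-in for
// mysqli_real_escape_string(): both put a backslash in front of quotes and
// backslashes, which is enough to show the effect on the hash.

// Order used in the original script: escape first, then hash.
function legacy_check(string $input, string $storedMd5): bool
{
    $escaped = addslashes($input);
    return md5($escaped) === $storedMd5;
}

// Hash the raw input; escaping is for SQL text, not for hash input.
function raw_check(string $input, string $storedMd5): bool
{
    return hash_equals($storedMd5, md5($input));
}

// Constructed sample passwords. Assumption: registration stored md5() of
// the raw password, without escaping it first.
$samples = ["letmein42", "o'brien#1", 'back\\slash'];
foreach ($samples as $pw) {
    $stored = md5($pw);
    printf(
        "%-12s escape-then-hash=%s hash-raw=%s\n",
        $pw,
        var_export(legacy_check($pw, $stored), true),
        var_export(raw_check($pw, $stored), true)
    );
}

// The same comparison with PHP's password API (PHP >= 5.5), which uses a
// salted, deliberately slow hash instead of MD5. The raw password must be
// passed here as well; an escaped copy no longer verifies.
$hash = password_hash("o'brien#1", PASSWORD_DEFAULT);
var_dump(password_verify("o'brien#1", $hash));
var_dump(password_verify(addslashes("o'brien#1"), $hash));
```

Only the passwords containing a quote or backslash fail under the escape-then-hash order, which is why such a script can work for some accounts and not others.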
ecabrera (Author) Posted November 10, 2014

This has worked for me in the past, I don't know why it's not working now.
ginerjm Posted November 10, 2014

I gave you two possible reasons. Have you debugged them?
ecabrera (Author) Posted November 10, 2014

No, I think it has to do with a hosting issue, because I'm using the same script on another server and it works fine.
mac_gyver Posted November 10, 2014

you always have to debug what your code and data are doing in order to find out where the problem is at. i can list a dozen+ different things that would cause your script to produce the result it is.

do you have php's error_reporting set to E_ALL and either display_errors or log_errors set to ON and have checked for any resulting php errors?

have you determined which values in the if(...) statement are causing the comparison to fail?
QuickOldCar Posted November 10, 2014

    <?php
    //error reporting
    error_reporting(E_ALL | E_NOTICE);
    ini_set('display_errors', '1');

    //start the session
    session_start();

    //connect to db
    require_once("scripts/connect.php");

    if (isset($_POST['loginbtn'])) {
        $errors = array();
        //initialise so the check below never reads an undefined variable
        $username = '';
        $password = '';

        if (isset($_POST['username']) && trim($_POST['username']) != '') {
            $username = mysqli_real_escape_string($db, trim($_POST['username']));
        } else {
            $errors[] = "Missing username";
        }

        if (isset($_POST['password']) && trim($_POST['password']) != '') {
            $password = mysqli_real_escape_string($db, md5(trim($_POST['password'])));
        } else {
            $errors[] = "Missing password";
        }

        if ($username && $password) {
            //list the columns without parentheses; (username,password) is a SQL error
            $getstaff = "SELECT username, password FROM `users` WHERE `username` = '" . $username . "' AND `password` = '" . $password . "'";
            if ($result = mysqli_query($db, $getstaff)) {
                //fetch_assoc so the row can be read by column name
                while ($row = mysqli_fetch_assoc($result)) {
                    //create the session
                    $_SESSION['username'] = $row['username'];
                    //redirect them to the control panel
                    header("Location: controlpanel.php");
                    exit();
                }
            } else {
                $errors[] = "No Results";
            }
        } else {
            $errors[] = "username or password missing";
        }
    }

    if (!empty($errors)) {
        foreach ($errors as $error) {
            echo $error . "<br />";
        }
    }

    if ($db) {
        mysqli_close($db);
    }
    ?>
ecabrera (Author) Posted November 10, 2014

This is what's causing the problem. Something in this code is not letting me in, but I don't know what it is:

    if($dbusername === $username && $dbpassword === $password){
        session_start();
        $_SESSION['username'] = $dbusername;
        header("location: home.php");
    }else $msg = "<p class='message'>Check your email or password.</p>";
ginerjm Posted November 10, 2014

Then you know what the problem is!! Either the two username vars don't match OR the two password vars don't match. Why don't you echo them out so that you can see what they look like and see if they are what you expect? That's called debugging.
ecabrera (Author) Posted November 10, 2014

That's the first thing I did, and they do match.
Solution: mac_gyver Posted November 10, 2014

use var_dump() on the values, as that would also show the length, in case there's some non-printing/white-space characters as part of the data.
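An added example of the check suggested in the accepted answer (not code from the thread): it prints the length and a hex view of both sides of the comparison, so values that look identical when echoed show where they differ. The helper names and all sample values are constructed; the two failing cases (a trailing newline, and a hash cut short by a 30-character column) are assumed causes for illustration, not what the thread found.

```php
<?php
// Added example, not code from the thread. All values are constructed.

// Describe a string the way var_dump() does (its length), plus a hex view
// so spaces, newlines and other non-printing bytes become visible.
function describe(string $label, string $value): string
{
    return sprintf("%-11s len=%-3d hex=%s", $label, strlen($value), bin2hex($value));
}

// Return the byte offset where two strings first differ, or -1 if equal.
function first_difference(string $a, string $b): int
{
    $n = min(strlen($a), strlen($b));
    for ($i = 0; $i < $n; $i++) {
        if ($a[$i] !== $b[$i]) {
            return $i;
        }
    }
    return strlen($a) === strlen($b) ? -1 : $n;
}

// What the login script computes from the submitted password.
$computed = md5("letmein42"); // always 32 hex characters

// Constructed examples of what the database might return instead.
$cases = [
    'trailing newline'  => $computed . "\n",
    'truncated column'  => substr($computed, 0, 30),
    'clean value'       => $computed,
];

foreach ($cases as $name => $dbpassword) {
    echo "== $name\n";
    echo describe('$password', $computed), "\n";
    echo describe('$dbpassword', $dbpassword), "\n";
    $at = first_difference($computed, $dbpassword);
    echo $at === -1 ? "identical\n" : "first difference at byte $at\n";
}
```

In the first two cases `echo` shows the same visible text on both sides, while the lengths (33 and 30 against 32) expose the mismatch that makes `===` fail.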