[SOLVED] login script says password is wrong when echoed they are not

[farkewie]

Hi guys,

 

i have started to make a simple login script just so only friends can see my webpage.

 

when i try to login it says the password is wrong but when i echo the form password and the database password they are the same??

 

here is the whole script

 

<?php 
include ("sql.php");
//get the details from the login form
$user_name = $_POST['user_name'];
$user_password = $_POST['user_password'];
$user_password = md5($user_password);
$date = date("d/m/Y H:i", time());
$remember = $_POST['remember'];
$form_name = $_POST['form_name'];

// set cookie length
if ($remember == "yes"){
$remember = "36000000000";
}
else {$remember = "3600";}
//convert the password to md5 hash
$user_password = md5($user_password);


// check for username in the database
mysql_select_db('albumv1', $sqlconnection);
$user = " SELECT * FROM cpg_users WHERE user_name='$user_name'";
$user = mysql_query($user) or die(mysql_error());
$user_row = mysql_fetch_assoc($user);

// set all database details to variabls
$db_user = $user_row['user_name'];
$db_password = $user_row['user_password'];
$user_email = $user_row['user_email'];
$user_active = $user_row['user_active'];
$user_id = $user_row['user_id'];

//just making sure the database and form password match (TESTING ONLY)
echo $user_password;
echo $db_password;

//only run script if it the login form is submitted
if ($form_name == "login_form"){


// give error if user doesnt exist
if (!$db_user) {
print "<link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" />
		<p class=\"error\">Error!!</strong></p> 
	   <p class=\"errortext\"><strong>$user_name</strong> is not in the database...</p>";
	   

}
// give error if user exists but wrong password
	else if (($db_user)&& ($user_password !== $db_password)) {
		print "<link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" />
				<p class=\"error\">Error!!</p>
				<p class=\"errortext\"> Your password is wrong...</p>";


	}
// set cookie if user and password are correct
		else if (($db_user) && ($user_password == $db_password)) {
			setcookie("session","session",$remember);
			print "<p class=\"errortext\">Success</p>";
		}

// end of form_name actions
}





?>

<!--Display Login Form-->
<link href="styles.css" rel="stylesheet" type="text/css" />



<form name="login" method="post" action="<?php $_SERVER['PHP_SELF']; ?>">
  <p><span class="home">Username</span>
    <input name="user_name" type="text" id="user_name" > 
</p>
  <p class="home">
    <label>Password
    <input type="password" name="user_password" id="user_password">
    <br />
    Remember me 
    <input name="remember" type="checkbox" id="remember" value="yes" />
    <input name="form_name" type="hidden" value="login_form" />
    </label>
</p>
  <p>
    <label>
    <input type="submit" name="button" id="button" value="Submit">
    </label>
  </p>
</form>

 

Also i am pretty new to writing my own scripts from scratch so any tips on this one are more than welcome.

 

thanks i  advance.

 

Ty

[Daukan]

You are using md5 twice on the password. Is that what you want?

 

[farkewie]

Thank you,

 

I knew it would be something stupid.

 

also

 

if i add  exit;

 

after this code it wont attach the stylesheet even though i attached it before the exit command?

what am i doing wrong here?

 

	
else if (($db_user)&& ($user_password !== $db_password)) {
		print "<link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" />
				<p class=\"error\">Error!!</p>
				<p class=\"errortext\"> Your password is wrong...</p>";

[kratsg]

Instead of exit; Try using die; instead, see if that changes anything.

[Daukan]

The style sheet might need to be inside the <head> tag.

 

EDIT: I just tried adding styles outside the head tag and it worked in ie and firefox

[farkewie]

i didnt end up needing it here but i do need some help on the register script but im making a new post

Thanks for your help guys

 

PS i did try all the things ou asked and they didnt work.