MrScabby

One last request if I may, and thankyou for the above advice. I have now found this site to work from but on this occasion I want to make sure that Im singing off the same song sheet as everyone else. Is this up-to-date and a good starting point for a (usable) website login system for my site? just want to be sure I do not repeat the same mistake,,, http://www.ineedtutorials.com/code/php/complete-advanced-login-member-system-php-tutorial

lol, I did warn you it was old but it does happen to have what a lot don't - its easy to understand and gets the structure across Yes by the way, CHAR(16) and I created it myself as one of the tests to see if it needed a pre-defined database. Your going to say its wrong now aren't you! oh well at least Im trying, Dont suppose you can suggest a more up to date site can you, one without a learning curve like Beaches Brook!

The site Im using is here but I will say the code is old and basic and has no protection/sanitation, but it is it's simplicity which makes it clearer to follow if you have not done it before which is where I am at the moment.... Managing Users with PHP Sessions and MySQL Ive downloaded the sample code and altered the parts to work on my server. I have everything working except or some reason I cannot login. I've checked everything is working including seeing the tables in the database to see that they are being created correctly. The only area I cannot check is the password because the encryption does not allow me to check it, if you see my point. I have narrowed the issue down to this one statement contained in the accesscontrol.php which I have repeated below, <?php // accesscontrol.php include_once 'common.php'; include_once 'db.php'; session_start(); $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid']; $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd']; echo "Data Variables" . " uid =" . $uid . " pwd =" . $pwd; if(!isset($uid)) { ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Please Log In for Access </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <h1> Login Required </h1> <p>You must log in to access this area of the site. If you are not a registered user, <a href="signup.php">click here</a> to sign up for instant access!</p> <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>"> User ID: <input type="text" name="uid" size="8" /><br /><br /> Password: <input type="password" name="pwd" SIZE="8" /><br /><br /> <input type="submit" value="Log in" /> </form></p> </body> </html> <?php exit; } $_SESSION['uid'] = $uid; $_SESSION['pwd'] = $pwd; echo "Session Variables: uid=" . $_SESSION['uid'] . " pwd=" . $_SESSION['pwd']; dbConnect("cl42-daystaff"); $sql = "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')"; $result = mysql_query($sql); if (!$result) { error('A database error occurred while checking your '. 'login details.\\nIf this error persists, please '. 'contact [email protected].'); } echo "Num of rows =" . mysql_num_rows($result); if (mysql_num_rows($result) == 0) { unset($_SESSION['uid']); unset($_SESSION['pwd']); ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Access Denied </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <h1> Access Denied </h1> <p>Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant access, click <a href="signup.php">here</a>.</p> </body> </html> <?php exit; } $username = mysql_result($result,0,'fullname'); ?>

Hi all Im having a problem with this MySQL statement, Im trying to set up a login system following instructions from another site All is working well except it fails when I try to log in, Why would this NOT work $sql = "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')"; when this does $sql = "SELECT * FROM user WHERE userid = '$uid' "; It would seem this part is not functioning correctly AND password = PASSWORD('$pwd') Just for ref this is the insert statement used to create a new user, working ok! $sql = "INSERT INTO user SET userid = '$_POST[newid]', password = PASSWORD('$newpass'), fullname = '$_POST[newname]', email = '$_POST[newemail]', notes = '$_POST[newnotes]'"; Specs:- Server: Localhost via UNIX socket Server type: MySQL Server version: 5.5.42 - MySQL Community Server (GPL) Apache/2.4.10 (Unix) Database client version: libmysql - mysqlnd 5.0.8-dev PHP extension: mysqli Version information: 4.0.7, latest stable version: 4.4.12 PHP version 5.3