Hi All,
Im new to php and have been trying to create a register and login script. The register script works fine and creates entries in a MySQL database but for some reason my login script doesn't work. Each time i try to login it displays 'Incorrect password, please try again' though I know the password entered matches that in the database. I suspect that this script is not retrieving or handling 'password' from the table 'users' in my database correctly though could be completely wrong. The original script was copied from a reliable source so should work though I may have changed something when tweaking it. Below is part of the login.php code.
Can someone please help?
mysql_connect("*****.net", "database1", "*****") or die(mysql_error());
mysql_select_db("database1") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['SiteName']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['SiteName'];
$pass = $_COOKIE['SiteName2'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(StrictlyGirlz, $_POST['username'], $hour);
setcookie(StrictlyGirlz2, $_POST['pass'], $hour);