This is my whole code for the login/registration. The username, Dyl, exists in the database and it says that, but it says I am entering the wrong password when I'm entering the one I created the account with. Does anyone see any problems that could interfere with this?
<?php
session_start();
switch (@$_POST['Button'])
{
case "Log in":
include("haha.php");
$cxn = mysqli_connect($host,$user,$password,$database);
$fusername = $cxn->real_escape_string($_POST['fusername']);
$sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername'";
$result = mysqli_query($cxn,$sql) or die("Query died: fusername");
$num = mysqli_num_rows($result);
if($num > 0)
//username was found
{
$fpassword = $cxn->real_escape_string($_POST['fpassword']);
$sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername' AND `password`=md5('$fpassword')";
$result2 = mysqli_query($cxn,$sql) or die("Query died: fpassword");
$num = mysqli_num_rows($result2);
if($num > 0) //password matches
{
$_SESSION['auth']="yes";
$_SESSION['username'] = $fusername;
$sql = "INSERT INTO Login (username,loginTime) VALUES ('$fusername',NOW())";
$result = mysqli_query($cxn,$sql) or die("Query died: insert");
header("Location: testing.php");
}
else
{
$message_1="The username, '$fusername' exists. However you have not entered the correct password! Please try again.";
$fusername=strip_tags(trim($fusername));
include("login_form2.php");
}
}
else // username was not found
{
$message_1 = "The username you entered does not exist! Please try again.";
include("login_form2.php");
}
break;
case "Register":
/* Check for blanks */
foreach($_POST as $field => $value)
{
if(empty($value))
{
$blanks[] = $field;
}
else
{
$good_data[$field] = strip_tags(trim($value));
}
}
if(isset($blanks))
{
$message_2 = "The following fields are blank. Please enter the required information: ";
foreach($blanks as $value)
{
$message_2 .="$value, ";
}
extract($good_data);
include("login_form2.php");
exit();
}
/* validate data */
foreach($_POST as $field => $value)
{
if(!empty($value))
{
if(preg_match("/name/i",$field) and !preg_match("/user/i",$field) and !preg_match("/log/i",$field))
{
if(!preg_match("/^[A-Za-z' -]{1,15}$/",$value))
{
$errors[] = "$value is not a valid name. ";
}
}
if(preg_match("/email/i",$field))
{
if(!preg_match("/^.+@.+\\..+$/",$value))
{
$errors[]="$value is not a valid email address.";
}
}
} // end if not empty
}
foreach($_POST as $field => $value)
{
$$field = strip_tags(trim($value));
}
if(@is_array($errors))
{
$message_2 = "";
foreach($errors as $value)
{
$message_2 .= $value." Please try again";
}
include("login_form2.php");
exit();
} //end if errors are found
/* check to see if username already exists */
include("haha.php");
$cxn = mysqli_connect($host,$user,$password,$database) or die("Couldn't connect to server");
$username = $cxn->real_escape_string($username);
$sql = "SELECT `username` FROM `Member` WHERE `username`='$username'";
$result = mysqli_query($cxn,$sql) or die("Query died: username.");
$num = mysqli_num_rows($result);
if($num > 0)
{
$message_2 = "$username already exists. Select another username.";
include("login_form2.php");
exit();
} // end if username already exists
else // add new member to database
{
$sql = "INSERT INTO Member (username,createDate,password,firstName,email) VALUES ('$username',NOW(),md5('$password'),'$firstName','$email')";
mysqli_query($cxn,$sql);
$_SESSION['auth']="yes";
$_SESSION['username'] = $username;
header("Location: testing.php");
}
break;
default:
include("login_form2.php");
}
?>