I am working on a login script. I keep getting the “You have entered an invalid username or password!” message.

[bobleny]

I am working on a login script. I keep getting the “You have entered an invalid username or password!” message. This is what happens I withdraw the forumpass from the database and then I compare it to the necessary password and even if the passwords are equal it returns $_SESSION['emaillog'] = FALSE; when it should set it to true.

This is the first part of the code.
[code]
<?php
session_start();
header("Cache-control: private");

include("top.php");
$text="Database Test";

$username="***********";
$password="***********";
$database="***********";

$inputname = $_POST['inputname'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
mysql_select_db($database) or die( "Unable to select database");
$forumpass = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
mysql_close();

if ($forumpass != 16218)
{
    $_SESSION['emaillog'] = FALSE;
    echo "You have enterd an invalid username or password! <br />";
    echo "<META HTTP-EQUIV='Refresh' delay=5 CONTENT= '5; URL=mail_login.php'>";
}
else
{
    $_SESSION['emaillog'] = TRUE;
}

if ($_SESSION['emaillog'] == TRUE)
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM `email` ORDER BY 'id'";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

echo "<center><u>-- Inbox --</u></center><br><br>";

$i=0;
while ($i < $num) {

$email = mysql_result($result,$i,"email");
$subject = mysql_result($result,$i,"subject");
$message = nl2br(mysql_result($result,$i,"message"));
$time = mysql_result($result,$i,"time");
$_SESSION['id'] = mysql_result($result,$i,"id");
?>
[/code]

[DaVuLf]

Is it an MD5 hash? If it is, then it won't compare properly.

[bobleny]

Actually that was another question too. Can you put an md5(16218) password into the database and then compare it to md5(16218)?

But! non the less im still stuck with the same problem.

And no at the moment nothing is md5 hashed.

[DaVuLf]

I'm pretty sure using MD5 like that is what forums use. That is the reason why they don't know your password (because its encrypted in the database).

Another thing I wonder is what type of field are you using? I'm thinking its a VARCHAR field. Now, what you're comparing is to an INT (the number). Try writing this:

[code]
if ($forumpass != '16218')
{
[/code]

[bobleny]

Ahh, actually the field is tinytext and Im useing 16218 as a refrance to the actuall pass word which is normal text.

[poirot]

Obviously you are not fetching the query:

[code]$query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
$results = mysql_fetch_assoc($query);
$forumpass = $results['forumpass'][/code]

[bobleny]

Ok now it sets it to true like it should but on line 20 I have this error..

parse error, unexpected T_STRING in /home/www/fire…p.. on line 20

[code]
01-<?php
02-session_start();
03-header("Cache-control: private");
04-
05-include("top.php");
06-$text="Database Test";
07-
08-$username="********";
09-$password="********";
10-$database="********";
11-
12-$inputname = $_POST['inputname'];
13-
14-mysql_connect('db4.awardspace.com:3306',$username,$password);
15-mysql_select_db($database) or die( "Unable to select database");
16-$query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
17-$results = mysql_fetch_assoc($query);
18-$forumpass = $results['forumpass'];
19-
20-mysql_close();
21-
22-if ($forumpass != 16218)
23-{
24-    $_SESSION['emaillog'] = FALSE;
25-   echo "You have enterd an invalid username or password! <br />";
26-   echo "<META HTTP-EQUIV='Refresh' delay=5 CONTENT= '5; 28-URL=mail_login.php'>";
27-}
28-else
29-{
30-    $_SESSION['emaillog'] = TRUE;
31-}
[/code]

[bobleny]

so whats wrong with it? I cant figure it out

[kenrbnsn]

Try changing your line 16 from
[code]<?php $query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'"; ?>[/code]
to
[code]php $query = "SELECT forumpass FROM forum_users WHERE forumname = '$inputname'"; ?>[/code]

Also take a close look at lines 25 & 27 above.

Ken

[bobleny]

This is there new error that i recived last night.
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/www/fireme.....p.. on line 17

[toplay]

Bob_Leny, going off your last code post (which shows the line numbers), you have forgotten to actually run the query. There's no mysql_query() before the fetch.

Always, check for MySQL errors before proceeding with the next call.

Click on the [a href=\"http://www.phpfreaks.com/forums/index.php?showtopic=31047&view=findpost&p=153359\" target=\"_blank\"]PHP F.A.Q.[/a] link. Find and read the [b]MySQL Data Retrieval[/b] section for example code of getting data from MySQL with error checking after every MySQL command.

Also, search for "supplied argument" in the FAQ page.

Parse Errors are caused by human error. Check on the line of the error, but usually one to many lines before it, for missing closing tags (i.e. ", ), }, ;, etc.).

Here's a list of what those PHP tokens seen in error messages mean:
[a href=\"http://us2.php.net/manual/en/tokens.php#tokens\" target=\"_blank\"]http://us2.php.net/manual/en/tokens.php#tokens[/a]

[bobleny]

Yeah I know all about them missing stuff! lol I love to leave my ";"s off! They don't do me any good lol

Yeah Ill look in there and see what it says thanks

[bobleny]

I’ve read your post and have added a few checks. So this is what I came up with! Umm.. some constructive criticism would really be appreciated as I know it’s full of mistakes!

Id also like to draw your attention to this as its not right...
[code]mysql_select_db($database)
if (!mysql_select_db($database))[/code]


SiTe_E_Ma-il-45_0016-12_Pghy3.php:
[code]<?php
session_start();
header("Cache-control: private");

include("top.php");
$text = "Database Test";

function sendem($reurl,$retime)
{
    echo "<META HTTP-EQUIV='Refresh' CONTENT= '" . $retime . "; URL=" . $reurl . "'>";
}

$username="**********";
$password="**********";
$database="**********";

if (!$_POST['inputname'])
{
    $_SESSION['wronginputename'] = TRUE;
    $_SESSION['emaillog'] = FALSE;
    sendem(mail_login.php,.1);
}
else
{
$inputname = $_POST['inputname'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
if (!mysql_connect)
{
    echo "Unable to connect to MySQL!";
    die();
}
else
{
mysql_select_db($database)
if (!mysql_select_db($database))
{
    echo "Unable to select database!";
    die();
}
else
{
$query = "SELECT forumpass FROM forum_users WHERE forumname = '$inputname'";
mysql_query()
$results = mysql_fetch_assoc($query);
if (!results)
{
    echo "Information from forum_users not found!";
    die();
}
else
{
$forumpass = $results['forumpass'];

mysql_close();

//Password in database is monkeys
if ($forumpass != monkeys)
{
    $_SESSION['wronginputepass'] = TRUE;
    $_SESSION['emaillog'] = FALSE;
    sendem(mail_login.php,.1);
}
else
{
    $_SESSION['emaillog'] = TRUE;
}

if ($_SESSION['emaillog'] == TRUE)
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
if (!mysql_connect)
{
    echo "Unable to Connect to MySQL!";
    die();
}
else
{
mysql_select_db($database);
if (!mysql_select_db($database))
{
    echo "Unable to select database!";
    die();
}
else
{
$query="SELECT * FROM `email` ORDER BY 'id'";
$result=mysql_query($query);
if (!results)
{
    echo "<center><u>-- Inbox Empty --</u></center><br /><br />You have no E-mails at this time!";
    die();
}
else
{
$num=mysql_numrows($result);

mysql_close();

echo "<center><u>-- Inbox --</u></center><br><br>";

$i=0;
while ($i < $num) {

$email = mysql_result($result,$i,"email");
$subject = mysql_result($result,$i,"subject");
$message = nl2br(mysql_result($result,$i,"message"));
$time = mysql_result($result,$i,"time");
$_SESSION['id'] = mysql_result($result,$i,"id");
?>

<table border=0 background=table_declare.png cellpadding=0 cellspacing=0 align=center width=353 height=27>
<tr><td width=353>
<center>From: <?php echo $email ?></center>
</td></tr>
</table>

<table border=0 background=table_top4.png cellpadding=0 cellspacing=0 align=center width=703 height=27>
<tr>
<td>&nbsp;<span class="pleft">Subject: <?php echo $subject ?></span></td>
<td align=right><span class="pleft">Sent on: <?php echo $time ?>&nbsp</span></td>
</tr>
</table>

<table border=0 background=table_back.png cellpadding=0 cellspacing=0 align=center width=703>
<tr><td align=center>

<table border=0 cellpadding=0 cellspacing=0 align=center width=691>
<tr><td width=691>

<?php echo $message ?>

</td></tr>
</table>

</td></tr>
<tr><td><img src=table_bottom.png width=703 height=5></td></tr>
</table>

<table border=0 cellpadding=0 cellspaceing=0 align=left>
<tr>
<td>
<form action="mail_delete.php" method="post">
<input type="submit" value="Delete">
</form>
</td>
</tr>
</table>


<!--------------------->
<br /><br />
<!--------------------->

<?php

$i++;
}
}
}
}
}
}
}
}
}

mysql_close();

include("bot.php");
?>[/code]


mail_login.php:
[code]<?php
session_start();
header("Cache-control: private");

include("top.php");
$text = "Database Test";
$wordss = "Please sign in below";

if ($_SESSION['wronginputename'] == TRUE)
{
    $wordss = "Incorect Username!";
}

if ($_SESSION['wronginputepass'] == TRUE)
{
    $wordss = "Incorect Password!";
}

if ($_SESSION['emaillog'] == TRUE)
{
echo "<META HTTP-EQUIV='Refresh' CONTENT= '.1; URL=SiTe_E_Ma-il-45_0016-12_Pghy3.php'>";
}

echo "<span class='pleft'>" . $wordss . "</span> <br />";
echo "<form action='SiTe_E_Ma-il-45_0016-12_Pghy3.php' method='post'>";
echo "Username: <input type='text' name='inputname' size='21' maxlength='20'><br />";
echo "Password: <input type='password' name='inputpass' size='21' maxlength='20'><br />";
echo "<input type='Submit' value='Send'>";
echo "</form>";

include("bot.php");
?>[/code]

[bobleny]

Yeah uhhhh... no ideas? no help?

[poirot]

Are you having any problems?

[bobleny]

Nevermind. The whole thing is an error! Im going to rescript it