Jump to content

I am working on a login script. I keep getting the “You have entered an invalid username or password!” message.


bobleny

Recommended Posts

I am working on a login script. I keep getting the “You have entered an invalid username or password!” message. This is what happens I withdraw the forumpass from the database and then I compare it to the necessary password and even if the passwords are equal it returns $_SESSION['emaillog'] = FALSE; when it should set it to true.

This is the first part of the code.
[code]
<?php
session_start();
header("Cache-control: private");

include("top.php");
$text="Database Test";

$username="***********";
$password="***********";
$database="***********";

$inputname = $_POST['inputname'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
mysql_select_db($database) or die( "Unable to select database");
$forumpass = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
mysql_close();

if ($forumpass != 16218)
{
    $_SESSION['emaillog'] = FALSE;
    echo "You have enterd an invalid username or password! <br />";
    echo "<META HTTP-EQUIV='Refresh' delay=5 CONTENT= '5; URL=mail_login.php'>";
}
else
{
    $_SESSION['emaillog'] = TRUE;
}

if ($_SESSION['emaillog'] == TRUE)
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM `email` ORDER BY 'id'";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

echo "<center><u>-- Inbox --</u></center><br><br>";

$i=0;
while ($i < $num) {

$email = mysql_result($result,$i,"email");
$subject = mysql_result($result,$i,"subject");
$message = nl2br(mysql_result($result,$i,"message"));
$time = mysql_result($result,$i,"time");
$_SESSION['id'] = mysql_result($result,$i,"id");
?>
[/code]
Link to comment
Share on other sites

Actually that was another question too. Can you put an md5(16218) password into the database and then compare it to md5(16218)?

But! non the less im still stuck with the same problem.

And no at the moment nothing is md5 hashed.
Link to comment
Share on other sites

I'm pretty sure using MD5 like that is what forums use. That is the reason why they don't know your password (because its encrypted in the database).

Another thing I wonder is what type of field are you using? I'm thinking its a VARCHAR field. Now, what you're comparing is to an INT (the number). Try writing this:

[code]
if ($forumpass != '16218')
{
[/code]
Link to comment
Share on other sites

Obviously you are not fetching the query:

[code]$query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
$results = mysql_fetch_assoc($query);
$forumpass = $results['forumpass'][/code]
Link to comment
Share on other sites

Ok now it sets it to true like it should but on line 20 I have this error..

parse error, unexpected T_STRING in /home/www/fire…p.. on line 20

[code]
01-<?php
02-session_start();
03-header("Cache-control: private");
04-
05-include("top.php");
06-$text="Database Test";
07-
08-$username="********";
09-$password="********";
10-$database="********";
11-
12-$inputname = $_POST['inputname'];
13-
14-mysql_connect('db4.awardspace.com:3306',$username,$password);
15-mysql_select_db($database) or die( "Unable to select database");
16-$query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'";
17-$results = mysql_fetch_assoc($query);
18-$forumpass = $results['forumpass'];
19-
20-mysql_close();
21-
22-if ($forumpass != 16218)
23-{
24-    $_SESSION['emaillog'] = FALSE;
25-   echo "You have enterd an invalid username or password! <br />";
26-   echo "<META HTTP-EQUIV='Refresh' delay=5 CONTENT= '5; 28-URL=mail_login.php'>";
27-}
28-else
29-{
30-    $_SESSION['emaillog'] = TRUE;
31-}
[/code]
Link to comment
Share on other sites

Try changing your line 16 from
[code]<?php $query = "SELECT forumpass FROM forum_users WHERE forumname = '" . $inputname . "'"; ?>[/code]
to
[code]php $query = "SELECT forumpass FROM forum_users WHERE forumname = '$inputname'"; ?>[/code]

Also take a close look at lines 25 & 27 above.

Ken
Link to comment
Share on other sites

Bob_Leny, going off your last code post (which shows the line numbers), you have forgotten to actually run the query. There's no mysql_query() before the fetch.

Always, check for MySQL errors before proceeding with the next call.

Click on the [a href=\"http://www.phpfreaks.com/forums/index.php?showtopic=31047&view=findpost&p=153359\" target=\"_blank\"]PHP F.A.Q.[/a] link. Find and read the [b]MySQL Data Retrieval[/b] section for example code of getting data from MySQL with error checking after every MySQL command.

Also, search for "supplied argument" in the FAQ page.

Parse Errors are caused by human error. Check on the line of the error, but usually one to many lines before it, for missing closing tags (i.e. ", ), }, ;, etc.).

Here's a list of what those PHP tokens seen in error messages mean:
[a href=\"http://us2.php.net/manual/en/tokens.php#tokens\" target=\"_blank\"]http://us2.php.net/manual/en/tokens.php#tokens[/a]

Link to comment
Share on other sites

I’ve read your post and have added a few checks. So this is what I came up with! Umm.. some constructive criticism would really be appreciated as I know it’s full of mistakes!

Id also like to draw your attention to this as its not right...
[code]mysql_select_db($database)
if (!mysql_select_db($database))[/code]


SiTe_E_Ma-il-45_0016-12_Pghy3.php:
[code]<?php
session_start();
header("Cache-control: private");

include("top.php");
$text = "Database Test";

function sendem($reurl,$retime)
{
    echo "<META HTTP-EQUIV='Refresh' CONTENT= '" . $retime . "; URL=" . $reurl . "'>";
}

$username="**********";
$password="**********";
$database="**********";

if (!$_POST['inputname'])
{
    $_SESSION['wronginputename'] = TRUE;
    $_SESSION['emaillog'] = FALSE;
    sendem(mail_login.php,.1);
}
else
{
$inputname = $_POST['inputname'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
if (!mysql_connect)
{
    echo "Unable to connect to MySQL!";
    die();
}
else
{
mysql_select_db($database)
if (!mysql_select_db($database))
{
    echo "Unable to select database!";
    die();
}
else
{
$query = "SELECT forumpass FROM forum_users WHERE forumname = '$inputname'";
mysql_query()
$results = mysql_fetch_assoc($query);
if (!results)
{
    echo "Information from forum_users not found!";
    die();
}
else
{
$forumpass = $results['forumpass'];

mysql_close();

//Password in database is monkeys
if ($forumpass != monkeys)
{
    $_SESSION['wronginputepass'] = TRUE;
    $_SESSION['emaillog'] = FALSE;
    sendem(mail_login.php,.1);
}
else
{
    $_SESSION['emaillog'] = TRUE;
}

if ($_SESSION['emaillog'] == TRUE)
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
if (!mysql_connect)
{
    echo "Unable to Connect to MySQL!";
    die();
}
else
{
mysql_select_db($database);
if (!mysql_select_db($database))
{
    echo "Unable to select database!";
    die();
}
else
{
$query="SELECT * FROM `email` ORDER BY 'id'";
$result=mysql_query($query);
if (!results)
{
    echo "<center><u>-- Inbox Empty --</u></center><br /><br />You have no E-mails at this time!";
    die();
}
else
{
$num=mysql_numrows($result);

mysql_close();

echo "<center><u>-- Inbox --</u></center><br><br>";

$i=0;
while ($i < $num) {

$email = mysql_result($result,$i,"email");
$subject = mysql_result($result,$i,"subject");
$message = nl2br(mysql_result($result,$i,"message"));
$time = mysql_result($result,$i,"time");
$_SESSION['id'] = mysql_result($result,$i,"id");
?>

<table border=0 background=table_declare.png cellpadding=0 cellspacing=0 align=center width=353 height=27>
<tr><td width=353>
<center>From: <?php echo $email ?></center>
</td></tr>
</table>

<table border=0 background=table_top4.png cellpadding=0 cellspacing=0 align=center width=703 height=27>
<tr>
<td>&nbsp;<span class="pleft">Subject: <?php echo $subject ?></span></td>
<td align=right><span class="pleft">Sent on: <?php echo $time ?>&nbsp</span></td>
</tr>
</table>

<table border=0 background=table_back.png cellpadding=0 cellspacing=0 align=center width=703>
<tr><td align=center>

<table border=0 cellpadding=0 cellspacing=0 align=center width=691>
<tr><td width=691>

<?php echo $message ?>

</td></tr>
</table>

</td></tr>
<tr><td><img src=table_bottom.png width=703 height=5></td></tr>
</table>

<table border=0 cellpadding=0 cellspaceing=0 align=left>
<tr>
<td>
<form action="mail_delete.php" method="post">
<input type="submit" value="Delete">
</form>
</td>
</tr>
</table>


<!--------------------->
<br /><br />
<!--------------------->

<?php

$i++;
}
}
}
}
}
}
}
}
}

mysql_close();

include("bot.php");
?>[/code]


mail_login.php:
[code]<?php
session_start();
header("Cache-control: private");

include("top.php");
$text = "Database Test";
$wordss = "Please sign in below";

if ($_SESSION['wronginputename'] == TRUE)
{
    $wordss = "Incorect Username!";
}

if ($_SESSION['wronginputepass'] == TRUE)
{
    $wordss = "Incorect Password!";
}

if ($_SESSION['emaillog'] == TRUE)
{
echo "<META HTTP-EQUIV='Refresh' CONTENT= '.1; URL=SiTe_E_Ma-il-45_0016-12_Pghy3.php'>";
}

echo "<span class='pleft'>" . $wordss . "</span> <br />";
echo "<form action='SiTe_E_Ma-il-45_0016-12_Pghy3.php' method='post'>";
echo "Username: <input type='text' name='inputname' size='21' maxlength='20'><br />";
echo "Password: <input type='password' name='inputpass' size='21' maxlength='20'><br />";
echo "<input type='Submit' value='Send'>";
echo "</form>";

include("bot.php");
?>[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.