Login stystem help

[asherinho]

I have a login form but It cant log in user if the user name is entered in capital letters.I used the trim() and addslashes() functions but still isn't working

 

$uname=trim($_POST['uname']);
$uname=addslashes($_POST['uname']);
$pass=md5($_POST['pass']);

 

which function is appropiate to use here? or what should I do?

[Juan Dela Cruz]

<a href="http://www.php.net/manual/en/function.strtolower.php">strtolower</a>

or

<a href="http://www.php.net/manual/en/function.strtoupper.php">strtoupper</a>

[asherinho]

Is not working.

 

$uname=strtolower($uname);
$uname=trim($_POST['uname']);

[Juan Dela Cruz]

can you show us your code?

[corbin]

asherinho that code would be the equivalent of doing this

 

a = f(b)

a = f©

 

where c does not always = a

 

Look at your code, and look at the variables you're setting....

[DeanWhitehouse]

try putting it the other way

$uname=trim($_POST['uname']);

$uname=strtolower($uname);

 

[asherinho]

Still isn't working Blade280891.here are the codes

 

?>
$uname=trim($_POST['uname']);
$uname=strtolower($uname);

$pass=md5($_POST['pass']);

if($uname != "" && $pass != ""){
				  
     if($_SESSION["logged_in_user"]==$uname && $_SESSION["logged_in_pass"]==$pass){
if($record["status"]=="administrator"){require("iframe_adm.php"); exit;
             }elseif($record["status"]=="user"){require("iframe_usr.php"); exit; 
                    }
     }
require("connection.php");
$db=mysql_connect("$host","$user","$password");
if(!$db){echo "No connection,please contact the system administrator.Sorry";}
mysql_select_db("$dbname",$db);
$result=mysql_query("SELECT * FROM login WHERE uname='".$uname."' AND pass='".$pass."'");
			         
                if(!$result){echo "error in query";}

if(mysql_num_rows($result) > 0){
    $_SESSION["logged_in_user"]=$uname;
    $_SESSION["logged_in_pass"]=$pass;
    $record=mysql_fetch_assoc($result);
       if($record["status"]=="administrator"){require("iframe_adm.php"); exit;
                    }elseif($record["status"]=="user"){require("iframe_usr.php"); exit; 
                           }
									                                  
} else{require("top.php"); echo "<B style='color:red;font-size:15px'>Wrong username or password</B>";
               }							 

             if(!$db){echo "No connection,please contact the system administrator.Sorry";}
}else{require("top.php"); echo "<B style='color:red;font-size:15px'>You forgot to enter the username or password
?>

[samshel]

//divide this line in 2 and debug...
$strSql = "SELECT * FROM login WHERE uname='".$uname."' AND pass='".$pass."'";
echo $strSql;
$result=mysql_query($strSql);

 

fire the displayed query directly on database client and check if rows are returned..

[asherinho]

I tried it samshel,it seems the the problem is on $pass,the encryption of password entered in uppercase is different from that in lowercase.I tried this but it didn't work

 

$uname=trim($_POST['uname']);
$uname=strtolower($uname);

$pass=strtolower($pass);
$pass=md5($_POST['pass']);

[DeanWhitehouse]

wrong way round

$pass=md5($_POST['pass']);

$pass=strtolower($pass);

 

[samshel]

while storing the username and password are you doing strtolower ?

[asherinho]

I reversed it Blade280891 but still there is nothing new.What do mean samshel?

Here are the codes

 

?>
$uname=trim($_POST['uname']);
$uname=strtolower($uname);

$pass=md5($_POST['pass']);

if($uname != "" && $pass != ""){
				  
     if($_SESSION["logged_in_user"]==$uname && $_SESSION["logged_in_pass"]==$pass){
if($record["status"]=="administrator"){require("iframe_adm.php"); exit;
             }elseif($record["status"]=="user"){require("iframe_usr.php"); exit; 
                    }
     }
require("connection.php");
$db=mysql_connect("$host","$user","$password");
if(!$db){echo "No connection,please contact the system administrator.Sorry";}
  $strSql = "SELECT * FROM login WHERE uname='".$uname."' AND pass='".$pass."'";
echo $strSql;
$result=mysql_query($strSql);              
                     if(!$result){echo "error in query";}

if(mysql_num_rows($result) > 0){
    $_SESSION["logged_in_user"]=$uname;
    $_SESSION["logged_in_pass"]=$pass;
    $record=mysql_fetch_assoc($result);
       if($record["status"]=="administrator"){require("iframe_adm.php"); exit;
                    }elseif($record["status"]=="user"){require("iframe_usr.php"); exit; 
                           }
									                                  
} else{require("top.php"); echo "<B style='color:red;font-size:15px'>Wrong username or password</B>";
               }							

             if(!$db){echo "No connection,please contact the system administrator.Sorry";}
}else{require("top.php"); echo "<B style='color:red;font-size:15px'>You forgot to enter the username or password
?>

[DeanWhitehouse]

when ure addin them to the db , are u converting them to lowercase?

[samshel]

are the passwords manually added in DB or by some script, in that script, is the password lower cased ?

[asherinho]

All the values in the database are in lowercase

 

I used the following query to enter the values into the databse

 

INSERT INTO login(uname,pass,status) VALUES('admini',md5('ppra'),'administrator')

[DeanWhitehouse]

cant u just make sure that the pplz entering the username and password enter it lowercase?

[samshel]

you have done md5() on password in PHP while checking where as while entering you have used MySQL md5(), it should match, but just try shifting md5() in your code in query instead of PHP.

 

<?php
$uname=trim($_POST['uname']);
$uname=strtolower($uname);

$pass=$_POST['pass'];

if($uname != "" && $pass != ""){
				  
    if($_SESSION["logged_in_user"]==$uname && $_SESSION["logged_in_pass"]==$pass){
if($record["status"]=="administrator"){require("iframe_adm.php"); exit;
            }elseif($record["status"]=="user"){require("iframe_usr.php"); exit; 
                   }
    }
require("connection.php");
$db=mysql_connect("$host","$user","$password");
if(!$db){echo "No connection,please contact the system administrator.Sorry";}
  $strSql = "SELECT * FROM login WHERE uname='".$uname."' AND pass=md5('".$pass."')";
echo $strSql;
$result=mysql_query($strSql);              
                    if(!$result){echo "error in query";}

if(mysql_num_rows($result) > 0){
    $_SESSION["logged_in_user"]=$uname;
    $_SESSION["logged_in_pass"]=$pass;
    $record=mysql_fetch_assoc($result);
       if($record["status"]=="administrator"){require("iframe_adm.php"); exit;
                   }elseif($record["status"]=="user"){require("iframe_usr.php"); exit; 
                          }
									                                  
} else{require("top.php"); echo "<B style='color:red;font-size:15px'>Wrong username or password</B>";
              }							

            if(!$db){echo "No connection,please contact the system administrator.Sorry";}
}else{require("top.php"); echo "<B style='color:red;font-size:15px'>You forgot to enter the username or password
?>

 

check if it works.

[asherinho]

It is now working.Thank u samshel and all others.U are among the people who are making this forum usefull.

[samshel]

did the code i gave worked OR was there some other problem?

 

also pl hit the solved button.