adnan1 Posted July 16, 2008 Share Posted July 16, 2008 Hi, I am new to php and postgresql. I am having some problems in login a registered user. I do not understand why i am getting the error "incorrect password" even though i am entering the right password. Could anyone please look at my code and let me know where i am going wrong. Thanks <?php //testing the session session_start(); ?> <?php // Connects to your Database include "connect.php"; $username = $_POST["username"]; $password = $_POST["password"]; $check = pg_query("SELECT * FROM users WHERE username = '$username' and password = '$password'")or die(pg_error()); $info = pg_fetch_array( $check ); while($info = pg_fetch_array( $check )) { if ($password != $info['password']) { echo "you have entered an incorrect username or password, please try again !"; } else { header("Location: members.php"); } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['password']) { die('You did not fill in a required field.'); } // checks it against the database $check = pg_query("SELECT * FROM users WHERE username = '".$_POST['username']."' and password = '".$_POST['password']."'")or die(pg_error()); $check2 = pg_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = pg_fetch_array( $check)) { //gives error if the password is wrong if ($_POST['password'] != $check['password']) { echo "incorrect password !"; } else { //then redirect them to the members area $_SESSION["username"] = $username; } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table valign="left" width="150" height="150" border="1"> <tr valign="left"> <tr valign="center"> <td> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Link to comment https://forums.phpfreaks.com/topic/114940-php-user-login/ Share on other sites More sharing options...
Bendude14 Posted July 16, 2008 Share Posted July 16, 2008 im only new to this but ill try help... should this if ($_POST['password'] != $check['password']) { be the same as it was at the top? if ($_POST['password'] != $info['password']) { Also i have a feeling its a security risk to use $_POST['username'] in side your SQL queries... http://www.phpfreaks.com/tutorial/php-security/page3 Hope this helps Link to comment https://forums.phpfreaks.com/topic/114940-php-user-login/#findComment-591192 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.