Jump to content

php user login

adnan1

By adnan1
in PHP Coding Help

 Share

Recommended Posts

adnan1 Newbie

adnan1

Posted
Posted

Hi,

 

I am new to php and postgresql. I am having some problems in login a registered user. I do not understand why i am getting the error  "incorrect password" even though i am entering the right password. Could anyone please look at my code and let me know where i am going wrong.

 

Thanks

 

<?php //testing the session

session_start();

?>

 

 

<?php

// Connects to your Database

include "connect.php";

 

$username = $_POST["username"];

$password = $_POST["password"];

 

 

$check = pg_query("SELECT * FROM users WHERE username = '$username' and password = '$password'")or die(pg_error());

$info = pg_fetch_array( $check );

 

while($info = pg_fetch_array( $check ))

{

if ($password != $info['password'])

{

echo "you have entered an incorrect username or password, please try again !";

}

else

{

header("Location: members.php");

 

}

}

 

 

//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted

 

// makes sure they filled it in

if(!$_POST['username'] | !$_POST['password']) {

die('You did not fill in a required field.');

}

// checks it against the database

 

$check = pg_query("SELECT * FROM users WHERE username = '".$_POST['username']."' and password = '".$_POST['password']."'")or die(pg_error());

 

$check2 = pg_num_rows($check);

if ($check2 == 0) {

die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');

}

while($info = pg_fetch_array( $check))

{

 

//gives error if the password is wrong

if ($_POST['password'] != $check['password']) {

echo "incorrect password !";

}

 

else

{

//then redirect them to the members area

 

$_SESSION["username"] = $username;

 

 

}

}

}

else

{

 

// if they are not logged in

?>

 

 

 

 

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<table valign="left" width="150" height="150" border="1">

<tr valign="left">

<tr valign="center">

<td>

<tr><td>Username:</td><td>

<input type="text" name="username" maxlength="40">

</td></tr>

<tr><td>Password:</td><td>

<input type="password" name="password" maxlength="50">

</td></tr>

<tr><td colspan="2" align="right">

<input type="submit" name="submit" value="Login">

</td></tr>

</table>

</form>

<?php

}

 

?>

Link to comment
Share on other sites
Bendude14 Member

Bendude14

Posted
Posted

im only new to this but ill try help...

 

should this

 

if ($_POST['password'] != $check['password']) {

 

be the same as it was at the top?

 

if ($_POST['password'] != $info['password']) {

 

Also i have a feeling its a security risk to use $_POST['username'] in side your SQL queries...

 

http://www.phpfreaks.com/tutorial/php-security/page3

 

Hope this helps

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.