adnan1 Posted July 16, 2008 Share Posted July 16, 2008 Hi, I am new to php and postgresql. I am having some problems in login a registered user. I do not understand why i am getting the error "incorrect password" even though i am entering the right password. Could anyone please look at my code and let me know where i am going wrong. Thanks <?php //testing the session session_start(); ?> <?php // Connects to your Database include "connect.php"; $username = $_POST["username"]; $password = $_POST["password"]; $check = pg_query("SELECT * FROM users WHERE username = '$username' and password = '$password'")or die(pg_error()); $info = pg_fetch_array( $check ); while($info = pg_fetch_array( $check )) { if ($password != $info['password']) { echo "you have entered an incorrect username or password, please try again !"; } else { header("Location: members.php"); } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['password']) { die('You did not fill in a required field.'); } // checks it against the database $check = pg_query("SELECT * FROM users WHERE username = '".$_POST['username']."' and password = '".$_POST['password']."'")or die(pg_error()); $check2 = pg_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = pg_fetch_array( $check)) { //gives error if the password is wrong if ($_POST['password'] != $check['password']) { echo "incorrect password !"; } else { //then redirect them to the members area $_SESSION["username"] = $username; } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table valign="left" width="150" height="150" border="1"> <tr valign="left"> <tr valign="center"> <td> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
Bendude14 Posted July 16, 2008 Share Posted July 16, 2008 im only new to this but ill try help... should this if ($_POST['password'] != $check['password']) { be the same as it was at the top? if ($_POST['password'] != $info['password']) { Also i have a feeling its a security risk to use $_POST['username'] in side your SQL queries... http://www.phpfreaks.com/tutorial/php-security/page3 Hope this helps Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.