wont login

[localhost]

login.php script:

[code]<?php
session_start();


require('../inc/connect.php');

if ($_POST['username']) {
$username=$_POST['username'];
$password=base64_encode($_POST['password']);
if ($password==NULL) {
echo "A password was not supplied";
}else{
$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
echo "The supplied login is incorrect";
}else{
$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);
$_SESSION["s_username"] = $row['username'];
echo "You have successfully logged in as ".$_SESSION['s_username']." and can go to the index <a href='../index.php'>here</a>.";
}
}
}
?>[/code]


register.php script:

[code]<?php

require('../inc/connect.php');

// If the submit button is pushed we continue
if(isset($_POST['submit'])) {

// Set POST form variables
$username = $_POST['username'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$email = $_POST['email'];

// Set normal needed variables
$ip = $_POST['ip'];
$date = $_POST['date'];
$privilege = $_POST['privilege'];

// Check if all fields are full
if($username==NULL || $password==NULL || $cpassword==NULL || $email==NULL) {
echo "All fields marked with a * are required";
} else {

// Check if both passwords entered are matching
if($password!=$cpassword) {
echo "Passwords do not match.";
} else {

// Encrypt password
$enc_password = base64_encode('$password');

// Insert the post form info into the database
$query1 = "INSERT INTO `users` (`username`, `password`, `email`, `ip`, `date`, `privilege`) VALUES ('$username', '$enc_password', '$email', '$ip', '$date', '$privilege')";
$result1 = mysql_query($query1) or die('Error 003: Could not insert user details into database');
// Error 003 - register.php - Database error...

} // End if for required fields
} // End if for password match
} // End if for submit button

?>
[/code]

[anatak]

Do you get any error messages ?
does the script works correctly when you don't supply the correct password ?
(does it echo "The supplied login is incorrect";)

[localhost]

it echoes the supplied login is incorrect when it is correct!

[Fyorl]

I can't see what's wrong, your code looks fine. Try echoing the supplied password and the one from the database and see if they actually match.

[poirot]

I'd like to ask, because it is odd, why are you using base64_encode()?

You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.

This should either be a bad practice or evil purposes like be able to know your users' passwords.

[Fyorl]

[!--quoteo(post=381684:date=Jun 8 2006, 08:43 PM:name=poirot)--][div class=\'quotetop\']QUOTE(poirot @ Jun 8 2006, 08:43 PM) [snapback]381684[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I'd like to ask, because it is odd, why are you using base64_encode()?

You should know encoded passwords can be decoded, while hashed (md5(), sha1()) passwords cannot.

This should either be a bad practice or evil purposes like be able to know your users' passwords.
[/quote]

It's better than not encrypting them at all, which is what I did back in my first MORPG... oh the naivety