goocharlton Posted August 20, 2008 Share Posted August 20, 2008 Here is the code I am trying to use: <?php session_start(); $result = mysql_query("SELECT username, password FROM user WHERE username='password'"); $passwords = mysql_fetch_assoc($result); if ($_POST['password'] == $passwords[$_POST['username']]) { echo "Login Successfull"; $_SESSION['auth_username'] = $_POST['username']; } else { ?> <form method="post"> <div class="login-form"> Username<?php if(isset($_POST['login']) and !$_POST['username']) { echo "<span style='color:#FF0000;'>*</span>"; } ?><br> <input name="username" type="text"> </div> <div class="login-form"> Password<?php if(isset($_POST['login']) and !$_POST['password']) { echo "<span style='color:#FF0000;'>*</span>"; } ?><br> <input name="password" type="password"> </div> <div class="login-button"> <input name="login" type="submit" value="Login" style="width:40px;"> </div> </form> <?php } ?> What am I doing wrong? Quote Link to comment Share on other sites More sharing options...
captbaritone Posted August 20, 2008 Share Posted August 20, 2008 Since you haven't told us what you have tried, or what the symptoms are, I can't help you much at all. But his looks all wrong: // Here you query the database for the username and passwords of users named "password" $result = mysql_query("SELECT username, password FROM user WHERE username='password'"); // Here you set the array of users (named "password") to a variable names $passwords $passwords = mysql_fetch_assoc($result); // Here you comparing the password your user has given with a field in the database named "whatever username they typed in". if ($_POST['password'] == $passwords[$_POST['username']]) { echo "Login Successfull"; $_SESSION['auth_username'] = $_POST['username']; } And that's as far as I got. Quote Link to comment Share on other sites More sharing options...
Fadion Posted August 20, 2008 Share Posted August 20, 2008 Yep actually it doesnt make any sense. Most of all the "WHERE username='password'". What's the aim of that, do you have users with username=password. A normal approach should be: <?php session_start(); $username = mysql_real_escape_string($_POST['username']); $password = sha1($_POST['password']); //i took for granted that you are using sha1() hashing for passwords $results = @mysql_query("SELECT id FROM user WHERE username='$username' AND password='$password'") or die(); if(mysql_num_rows($results) == 1){ //this means a user exists and the password was correct echo 'Login Successful'; $_SESSION['auth_username'] = $username; } else{ //show the form } ?> Quote Link to comment Share on other sites More sharing options...
adam291086 Posted August 20, 2008 Share Posted August 20, 2008 you have messed up the code a little. Heres an example \ <?php //these variables are from the login form $username = $_POST['Username']; $password = $_POST['password']; //connect to the database $con = mysql_connect("localhost","peter","abc123"); if (!$con) { die('Could not connect: ' . mysql_error()); } else { //search the database $result = mysql_query("SELECT * FROM person WHERE username='$username' AND password='$password'"); //count to see how many rows are found $num_rows = mysql_num_rows($result); if($num_rows >0) { redirect to sucessful login } else { bad login } ?> } hope this gives you an idea Quote Link to comment Share on other sites More sharing options...
Jibberish Posted August 20, 2008 Share Posted August 20, 2008 if ($_POST['password'] == $passwords[$_POST['username']]) { if your trying to check the sent password with the password returned in the array this line needs to be if ($_POST['password'] == $passwords['password']) { Quote Link to comment Share on other sites More sharing options...
goocharlton Posted August 20, 2008 Author Share Posted August 20, 2008 Thanks guys, problem solved. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.