matthew798 Posted September 10, 2008 Share Posted September 10, 2008 Me again. lol I got this off a webpage a decided it would be good to learn with! But it's not working and everything is the same except for the names of the variables... <?php session_start(); $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; include 'dbconnect.php'; $_SESSION['username'] = stripslashes($_SESSION['username']); $_SESSION['password'] = stripslashes($_SESSION['password']); $_SESSION['username'] = mysql_real_escape_string($_SESSION['username']); $_SESSION['password'] = mysql_real_escape_string($_SESSION['password']); $sql="SELECT * FROM users WHERE username='{$_SESSION['username']}' and password='{$_SESSION['password']}'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_register("$_SESSION['username']"); session_register("$_SESSION['password']"); header("location:admin.php"); } else { echo "Wrong Username or Password"; } ?> "Wrong Username or Password" But i know i have the right username and password. C&P from the databse itself... Quote Link to comment Share on other sites More sharing options...
CaptainChainsaw Posted September 10, 2008 Share Posted September 10, 2008 There is no DB connect statement there, does it connect properly? What does echo $count; produce? Don't need braces in the select statement: username='{$_ ^--- should help ya get started with this. CC Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted September 10, 2008 Share Posted September 10, 2008 Hmm...I'm wondering if there's a conflict between what you've entered in the form and what's actually in the DB stemming from using mysql_real_escape_string. How did you originally enter the stored user name and password? In any event, you can shorten that code down by a lot: require_once("dbconnect.php"); session_start(); $_SESSION['username'] = mysql_real_escape_string(stripslashes($_POST['username'])); $_SESSION['password'] = mysql_real_escape_string(stripslashes($_POST['password'])); $sql = "SELECT * FROM users WHERE username = '{$_SESSION['username']}' AND password = '{$_SESSION['password']}'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count == 1) { header("location: admin.php"); } else { echo "Wrong Username or Password"; } Keep in mind, it's never a good idea to store a password in a session. So, hopefully, you're just using this example as a learning exercise. Quote Link to comment Share on other sites More sharing options...
matthew798 Posted September 10, 2008 Author Share Posted September 10, 2008 eghhh ok Captain chainsaw, i do actually need those "{}" or else it gives me a big ugly error.' The $count counts how many rows in the DB countain both the username and the pass Therefor if count=0 then the login must be incorrect. and yes the included file is the DB connection As for night, No, I tried removing the rel escapes to no avail. This is what i have now: <?php session_start(); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); include 'dbconnect.php'; $sql="SELECT * FROM users WHERE username='$username' and password='$password'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_register("$username"); header("location:admin.html"); } else { echo "Wrong Username or Password"; } ?> Quote Link to comment Share on other sites More sharing options...
matthew798 Posted September 10, 2008 Author Share Posted September 10, 2008 Wow i just figured it out.... This is sad... There were 2 entried of the same username and password in the databse... if($count==1) and not if($count==>1) :'( Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.