Jump to content

Recommended Posts

Me again. lol

 

I got this off a webpage a decided it would be good to learn with!

 

But it's not working and everything is the same except for the names of the variables...

 

<?php
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];

include 'dbconnect.php';

$_SESSION['username'] = stripslashes($_SESSION['username']);
$_SESSION['password'] = stripslashes($_SESSION['password']);
$_SESSION['username'] = mysql_real_escape_string($_SESSION['username']);
$_SESSION['password'] = mysql_real_escape_string($_SESSION['password']);

$sql="SELECT * FROM users WHERE username='{$_SESSION['username']}' and password='{$_SESSION['password']}'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("$_SESSION['username']");
session_register("$_SESSION['password']"); 
header("location:admin.php");
}
else {
echo "Wrong Username or Password";
}
?>

 

"Wrong Username or Password"

 

But i know i have the right username and password. C&P from the databse itself...

Link to comment
https://forums.phpfreaks.com/topic/123691-solved-code-example-not-working/
Share on other sites

Hmm...I'm wondering if there's a conflict between what you've entered in the form and what's actually in the DB stemming from using mysql_real_escape_string.  How did you originally enter the stored user name and password?

 

In any event, you can shorten that code down by a lot:

require_once("dbconnect.php");
session_start();

$_SESSION['username'] = mysql_real_escape_string(stripslashes($_POST['username']));
$_SESSION['password'] = mysql_real_escape_string(stripslashes($_POST['password']));

$sql = "SELECT * FROM users WHERE username = '{$_SESSION['username']}' AND password = '{$_SESSION['password']}'";
$result = mysql_query($sql);

$count = mysql_num_rows($result);

if($count == 1)
{
   header("location: admin.php");
}
else
{
   echo "Wrong Username or Password";
}

 

Keep in mind, it's never a good idea to store a password in a session.  So, hopefully, you're just using this example as a learning exercise.

eghhh

 

ok

 

Captain chainsaw, i do actually need those "{}" or else it gives me a big ugly error.'

 

The $count counts how many rows in the DB countain both the username and the pass

 

Therefor if count=0 then the login must be incorrect.

 

and yes the included file is the DB connection

 

 

As for night, No, I tried removing the rel escapes to no avail.

 

This is what i have now:

 

<?php
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

include 'dbconnect.php';

$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("$username"); 
header("location:admin.html");
}
else {
echo "Wrong Username or Password";
}
?>

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.