vinpkl Posted October 25, 2008 Share Posted October 25, 2008 hi all i have a login form with user name and password. The user name field is called "user_name" and password field is called "password". I have applied the code. If the user and password is incorect then its showing error that the user and pasword doesnot match. that is working fine. But if the user and password is corect then it doesnt redirect to file control_panel.php and neither show any error. In the database i have user_id, user_name, password. <?php require_once("../config.php"); $msg=""; if(isset($_REQUEST['id'])) { $id=$_REQUEST['id']; $_SESSION['id']=$id; $qry="select * from admin_table where user_id=$id"; $result=mysql_query($qry); $row=mysql_fetch_array($result); } if(isset($_REQUEST['submit'])) { $user_name=$_REQUEST['user_name']; $password=$_REQUEST['password']; $qry="select * from admin_table"; $result=mysql_query($qry); if(mysql_num_rows($result)>0) { if(($user_name==$row['user_name']) && ($password==$row['password'])) { //header("location:control_panel.php"); echo "<SCRIPT language=javascript>"; echo "window.location='control_panel.php'"; echo "</script>"; } else { $msg="Login ID or password is incorrect"; } } } ?> Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 25, 2008 Share Posted October 25, 2008 change this... <?php //header("location:control_panel.php"); echo "<SCRIPT language=javascript>"; echo "window.location='control_panel.php'"; echo "</script>"; to this... <?php header("Location: control_panel.php"); Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 25, 2008 Author Share Posted October 25, 2008 change this... <?php //header("location:control_panel.php"); echo "<SCRIPT language=javascript>"; echo "window.location='control_panel.php'"; echo "</script>"; to this... <?php header("Location: control_panel.php"); i used this but its giving error that the login or password is incorect. i have checked and matched in the database. i m filing the corect login and pasword but stil its saying its incorect. vineet Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 25, 2008 Share Posted October 25, 2008 is the password in the database md5 hashed? if so, change this line.... if(($user_name==$row['user_name']) && ($password==$row['password'])) to... if(($user_name==$row['user_name']) && (md5($password)==$row['password'])) Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 25, 2008 Author Share Posted October 25, 2008 is the password in the database md5 hashed? if so, change this line.... if(($user_name==$row['user_name']) && ($password==$row['password'])) to... if(($user_name==$row['user_name']) && (md5($password)==$row['password'])) hi i dont know anything about md5 and i have not used it anywhere vineet Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 25, 2008 Share Posted October 25, 2008 change all $_REQUEST to $_POST change this... $qry="select * from admin_table where user_id=$id"; to this... $qry="select * from admin_table where user_id=$id LIMIT 1"; change... $qry="select * from admin_table"; to... $qry="select * from admin_table WHERE `user_name`='$user_name',`password`='$password' LIMIT 1"; Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 25, 2008 Author Share Posted October 25, 2008 change all $_REQUEST to $_POST change this... $qry="select * from admin_table where user_id=$id"; to this... $qry="select * from admin_table where user_id=$id LIMIT 1"; change... $qry="select * from admin_table"; to... $qry="select * from admin_table WHERE `user_name`='$user_name',`password`='$password' LIMIT 1"; Hi This is the new code require_once("../config.php"); $msg=""; if(isset($_POST['id'])) { $id=$_POST['id']; //$qry="select * from admin_table where user_id=$id"; $qry="select * from admin_table where user_id=$id LIMIT 1"; $result=mysql_query($qry); $row=mysql_fetch_array($result); } if(isset($_POST['submit'])) { $user_name=$_POST['user_name']; $password=$_POST['password']; //$qry="select user_name,password from admin_table where user_name='$user_name'"; $qry="select * from admin_table WHERE `user_name`='$user_name',`password`='$password' LIMIT 1"; $result=mysql_query($qry); echo $qry; if(mysql_num_rows($result)>0) { if(($user_name==$row['user_name']) && ($password==$row['password'])) { header("Location: control_panel.php"); /*echo "<SCRIPT language='javascript'>"; echo "window.location='control_panel.php'"; /*echo "</script>";*/ } else { $msg="Login ID or password is incorrect"; } } } I have inserted echo $qry; in the code and on submitting the result i get is select * from admin_table WHERE `user_name`='vineet',`password`='23456' LIMIT 1 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\xampp\htdocs\vineet\admin\index.php on line 24 The user and id that the code has fetched is the same as in database. Quote Link to comment Share on other sites More sharing options...
prexep Posted October 25, 2008 Share Posted October 25, 2008 try $qry="select * from admin_table WHERE `user_name`='$user_name' and `password`='$password' LIMIT 1"; Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 25, 2008 Author Share Posted October 25, 2008 try $qry="select * from admin_table WHERE `user_name`='$user_name' and `password`='$password' LIMIT 1"; hi this is the new code i have replaced $qry up also and down also require_once("../config.php"); $msg=""; if(isset($_POST['id'])) { $id=$_POST['id']; //$qry="select * from admin_table where user_id=$id"; //$qry="select * from admin_table where user_id=$id LIMIT 1"; $qry="select * from admin_table WHERE `user_name`='$user_name' and `password`='$password' LIMIT 1"; $result=mysql_query($qry); $row=mysql_fetch_array($result); } if(isset($_POST['submit'])) { $user_name=$_POST['user_name']; $password=$_POST['password']; $qry="select * from admin_table WHERE `user_name`='$user_name' and `password`='$password' LIMIT 1"; $result=mysql_query($qry); echo $qry; if(mysql_num_rows($result)>0) { if(($user_name==$row['user_name']) && ($password==$row['password'])) { header("Location: control_panel.php"); /*echo "<SCRIPT language='javascript'>"; echo "window.location='control_panel.php'"; echo "</script>";*/ } else { $msg="Login ID or password is incorrect"; } } } In the echo result i got the corect user password as in database. select * from admin_table WHERE `user_name`='vineet' and `password`='23456' LIMIT 1 I didnt get mysql_numrow error that i got earlier. but it says incorect user password and didnt redirect. where i have the code $id=$_POST['id']; there also i have change it to new qry that you have sent now. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.