Reaper0167 Posted January 1, 2009 Share Posted January 1, 2009 even when i enter a registered username and password it is still telling me that the username is not valid. here is the code... <?php $host = "***********"; $username = "*********"; $password = "*********"; $db_name = "**********"; $tbl_name = "members"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $username = $_POST['username']; $password = $_POST['password']; $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if ($count == 1) { $message = "You are now logged in."; header("location: index.php?error=" . urlencode($message)); } else { $message = "This username is not registered. Pleaser register first."; header("location: index.php?error=" . urlencode($message)); } ?> Link to comment https://forums.phpfreaks.com/topic/139132-solved-again-login-script-not-working-take-a-look/ Share on other sites More sharing options...
revraz Posted January 1, 2009 Share Posted January 1, 2009 Remove your login info in your post here. Echo your $username and $password variables. Do they contain the right info? Use mysql_error() after your query, see if there is an error. How is your password stored in the DB, plain text? Link to comment https://forums.phpfreaks.com/topic/139132-solved-again-login-script-not-working-take-a-look/#findComment-727684 Share on other sites More sharing options...
Reaper0167 Posted January 1, 2009 Author Share Posted January 1, 2009 passwords are md5,, ooppss Link to comment https://forums.phpfreaks.com/topic/139132-solved-again-login-script-not-working-take-a-look/#findComment-727694 Share on other sites More sharing options...
Reaper0167 Posted January 1, 2009 Author Share Posted January 1, 2009 fixed it, thanks. check out the comment mark in the code,, what exactly do those two lines of code do for my login script.. also,,, what else could i do to make the login more secure???? anything?? <?php $host = "----------"; $username = "------------"; $password = "------------"; $db_name = "---------"; $tbl_name = "members"; mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); $username = $_POST['username']; $password = $_POST['password']; $password = md5($password); $username = mysql_real_escape_string($username); // WHAT DOES THIS DO,, SOMEONE TOLD ME $password = mysql_real_escape_string($password); // TO DO THIS $sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if ($count == 1) { $message = "You are now logged in."; header("location: index.php?error=" . urlencode($message)); } else { $message = "This username is not registered. Pleaser register first."; header("location: index.php?error=" . urlencode($message)); } ?> Link to comment https://forums.phpfreaks.com/topic/139132-solved-again-login-script-not-working-take-a-look/#findComment-727699 Share on other sites More sharing options...
Reaper0167 Posted January 1, 2009 Author Share Posted January 1, 2009 oh yeh,, i already changed the db password that i posted in the beginning of this thread,,, i must be tired today. Link to comment https://forums.phpfreaks.com/topic/139132-solved-again-login-script-not-working-take-a-look/#findComment-727701 Share on other sites More sharing options...
revraz Posted January 2, 2009 Share Posted January 2, 2009 Those two lines sanitize the variables to strip out DB attacks. But you can combine them up higher if you want when you set them from your POST array. Link to comment https://forums.phpfreaks.com/topic/139132-solved-again-login-script-not-working-take-a-look/#findComment-727713 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.