Reaper0167 Posted January 9, 2009 Share Posted January 9, 2009 i checked my database and my username and md5 password are there, but for some reason when i go to log in it keeps telling me that i am not registered. here is my login script. <?php // datbase information include "connection.php"; // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; // encrypt password to match registered md5 password $encrypted_password = md5($password); // searching for username and md5 password in database $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'"; $result=mysql_query($sql); $count=mysql_num_rows($result); // display log in error or success if($count==1) { $_SESSION['auth'] = "yes"; //not sure if this line is correct $message = "Welcome $username. You are now logged in."; header("location: home.php?error=" . urlencode($message)); } else { $message = "$username is not a registered username. Please register first."; header("location: index.php?error=" . urlencode($message)); } ?> Link to comment https://forums.phpfreaks.com/topic/140185-do-you-see-why-my-login-script-is-not-working/ Share on other sites More sharing options...
bluesoul Posted January 9, 2009 Share Posted January 9, 2009 Clean up the username, make sure there's no garbage added on in transit, use trim() and mysql_real_escape_string(). Also add "or die(mysql_error());" to the end of your query. Where is $tbl_name being defined? Link to comment https://forums.phpfreaks.com/topic/140185-do-you-see-why-my-login-script-is-not-working/#findComment-733570 Share on other sites More sharing options...
Reaper0167 Posted January 9, 2009 Author Share Posted January 9, 2009 $tbl_name is defined in connection.php which is included at the top of my script Link to comment https://forums.phpfreaks.com/topic/140185-do-you-see-why-my-login-script-is-not-working/#findComment-733592 Share on other sites More sharing options...
premiso Posted January 9, 2009 Share Posted January 9, 2009 $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password' LIMIT 1"; For username selecting I always do LIMIT 1 to prevent anyone from trying to pull more than 1 row. As for what bluesoul said, if you trim the username/password when the user registers you should do the same to check the validity of their password/name etc. Especially with an MD5 hash it may not be as lienent as the username might be. Link to comment https://forums.phpfreaks.com/topic/140185-do-you-see-why-my-login-script-is-not-working/#findComment-733595 Share on other sites More sharing options...
Reaper0167 Posted January 9, 2009 Author Share Posted January 9, 2009 can't seem to make it work... here is what i got <?php //this is my login script session_start(); // datbase information include "connection.php"; // connects to server and database mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); // pull username and password from the form $username = mysql_real_escape_string['username']; $password = mysql_real_escape_string['password']; $encrypted_password = md5($password); // searching for username and md5password in database $sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = '$encrypted_password' LIMIT 1"; $result=mysql_query($sql); $count=mysql_num_rows($result); // display log in error or success if($count==1) { $_SESSION['auth'] = "yes"; //not sure if this line is correct $message = "Welcome $username. You are now logged in."; header("location: home.php?error=" . urlencode($message)); } else { $message = "$username is not a registered username. Please register first."; header("location: index.php?error=" . urlencode($message)); } ?> <?php // this is my register script //connection to your database include ("connection.php"); // connects to server and database mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); // define variables from form register form $username = mysql_real_escape_string($_POST["username"]); $password = mysql_real_escape_string($_POST["password"]); $email = mysql_real_escape_string($_POST["email"]); $encrypted_password = md5($password); // inserting data into your database $sql = "INSERT INTO $tbl_name(username, password, email)VALUES('$username','$encrypted_password','$email')"; $res = mysql_query($sql) or die(mysql_error()); // closes your connection mysql_close(); ?> Link to comment https://forums.phpfreaks.com/topic/140185-do-you-see-why-my-login-script-is-not-working/#findComment-733631 Share on other sites More sharing options...
Reaper0167 Posted January 9, 2009 Author Share Posted January 9, 2009 i changed a few things around,,, but still saying that i'm not registered. <?php //login script session_start(); // datbase information include "connection.php"; // connects to server and database mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); // pull username and password from the form $username = mysql_real_escape_string(trim($_POST['username'])); $password = mysql_real_escape_string(trim(md5($_POST['password']))); // searching for username and md5password in database $sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = 'password' LIMIT 1"; $result=mysql_query($sql); $count=mysql_num_rows($result); // display log in error or success if($count==1) { // $_SESSION['auth'] = "yes"; $message = "Welcome $username. You are now logged in."; header("location: index.php?error=" . urlencode($message)); } else { $message = "$username is not a registered username. Please register first."; header("location: index.php?error=" . urlencode($message)); } ?> <?php // register script //connection to your database include ("connection.php"); // connects to server and database mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); // define variables from form register form $username = mysql_real_escape_string($_POST["username"]); $password = mysql_real_escape_string(md5($_POST["password"])); $email = mysql_real_escape_string($_POST["email"]); // inserting data into your database $sql = "INSERT INTO $tbl_name(username, password, email)VALUES('$username','$password','$email')"; $res = mysql_query($sql) or die(mysql_error()); // closes your connection mysql_close(); ?> Link to comment https://forums.phpfreaks.com/topic/140185-do-you-see-why-my-login-script-is-not-working/#findComment-733651 Share on other sites More sharing options...
dennismonsewicz Posted January 9, 2009 Share Posted January 9, 2009 i changed a few things around,,, but still saying that i'm not registered. <?php //login script session_start(); // datbase information include "connection.php"; // connects to server and database mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); // pull username and password from the form $username = mysql_real_escape_string(trim($_POST['username'])); $password = mysql_real_escape_string(trim(md5($_POST['password']))); // searching for username and md5password in database $sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = 'password' LIMIT 1"; $result=mysql_query($sql); $count=mysql_num_rows($result); // display log in error or success if($count==1) { // $_SESSION['auth'] = "yes"; $message = "Welcome $username. You are now logged in."; header("location: index.php?error=" . urlencode($message)); } else { $message = "$username is not a registered username. Please register first."; header("location: index.php?error=" . urlencode($message)); } ?> <?php // register script //connection to your database include ("connection.php"); // connects to server and database mysql_connect("$host", "$username", "$password") or die("Could not connect."); mysql_select_db("$db_name") or die("Could not find database"); // define variables from form register form $username = mysql_real_escape_string($_POST["username"]); $password = mysql_real_escape_string(md5($_POST["password"])); $email = mysql_real_escape_string($_POST["email"]); // inserting data into your database $sql = "INSERT INTO $tbl_name(username, password, email)VALUES('$username','$password','$email')"; $res = mysql_query($sql) or die(mysql_error()); // closes your connection mysql_close(); ?> you forgot a $ sign before your password variable so change // searching for username and md5password in database $sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = 'password' LIMIT 1"; to // searching for username and md5password in database $sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = '$password' LIMIT 1"; Link to comment https://forums.phpfreaks.com/topic/140185-do-you-see-why-my-login-script-is-not-working/#findComment-733654 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.