Reaper0167 Posted January 9, 2009

I checked my database and my username and md5 password are there, but for some reason when I go to log in it keeps telling me that I am not registered. Here is my login script.

<?php
// database information
include "connection.php";

// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];

// encrypt password to match registered md5 password
$encrypted_password = md5($password);

// searching for username and md5 password in database
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

// display log in error or success
if($count==1)
{
    $_SESSION['auth'] = "yes"; //not sure if this line is correct
    $message = "Welcome $username. You are now logged in.";
    header("location: home.php?error=" . urlencode($message));
}
else
{
    $message = "$username is not a registered username. Please register first.";
    header("location: index.php?error=" . urlencode($message));
}
?>

bluesoul Posted January 9, 2009

Clean up the username, make sure there's no garbage added on in transit, use trim() and mysql_real_escape_string(). Also add "or die(mysql_error());" to the end of your query. Where is $tbl_name being defined?

Reaper0167 Posted January 9, 2009

$tbl_name is defined in connection.php, which is included at the top of my script.

premiso Posted January 9, 2009

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password' LIMIT 1";

For username selecting I always do LIMIT 1 to prevent anyone from trying to pull more than 1 row. As for what bluesoul said, if you trim the username/password when the user registers you should do the same to check the validity of their password/name etc. Especially with an MD5 hash it may not be as lenient as the username might be.

Reaper0167 Posted January 9, 2009

Can't seem to make it work... here is what I got.

<?php
//this is my login script
session_start();

// database information
include "connection.php";

// connects to server and database
mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

// pull username and password from the form
$username = mysql_real_escape_string['username'];
$password = mysql_real_escape_string['password'];
$encrypted_password = md5($password);

// searching for username and md5password in database
$sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = '$encrypted_password' LIMIT 1";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

// display log in error or success
if($count==1)
{
    $_SESSION['auth'] = "yes"; //not sure if this line is correct
    $message = "Welcome $username. You are now logged in.";
    header("location: home.php?error=" . urlencode($message));
}
else
{
    $message = "$username is not a registered username. Please register first.";
    header("location: index.php?error=" . urlencode($message));
}
?>

<?php
// this is my register script
//connection to your database
include ("connection.php");

// connects to server and database
mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

// define variables from form register form
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
$email = mysql_real_escape_string($_POST["email"]);
$encrypted_password = md5($password);

// inserting data into your database
$sql = "INSERT INTO $tbl_name(username, password, email)VALUES('$username','$encrypted_password','$email')";
$res = mysql_query($sql) or die(mysql_error());

// closes your connection
mysql_close();
?>

Reaper0167 Posted January 9, 2009

I changed a few things around, but still saying that I'm not registered.

<?php
//login script
session_start();

// database information
include "connection.php";

// connects to server and database
mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

// pull username and password from the form
$username = mysql_real_escape_string(trim($_POST['username']));
$password = mysql_real_escape_string(trim(md5($_POST['password'])));

// searching for username and md5password in database
$sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = 'password' LIMIT 1";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

// display log in error or success
if($count==1)
{
    // $_SESSION['auth'] = "yes";
    $message = "Welcome $username. You are now logged in.";
    header("location: index.php?error=" . urlencode($message));
}
else
{
    $message = "$username is not a registered username. Please register first.";
    header("location: index.php?error=" . urlencode($message));
}
?>

<?php
// register script
//connection to your database
include ("connection.php");

// connects to server and database
mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

// define variables from form register form
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string(md5($_POST["password"]));
$email = mysql_real_escape_string($_POST["email"]);

// inserting data into your database
$sql = "INSERT INTO $tbl_name(username, password, email)VALUES('$username','$password','$email')";
$res = mysql_query($sql) or die(mysql_error());

// closes your connection
mysql_close();
?>

dennismonsewicz Posted January 9, 2009

You forgot a $ sign before your password variable, so change

// searching for username and md5password in database
$sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = 'password' LIMIT 1";

to

// searching for username and md5password in database
$sql="SELECT * FROM $tbl_name WHERE username ='$username' and password = '$password' LIMIT 1";

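Added example, not part of any post in this thread: the same register/login pair written so that both paths share one normalization step, which is the consistency point raised above about trimming at registration and at login. It swaps in PDO bound parameters for mysql_real_escape_string() and password_hash()/password_verify() for md5(). The in-memory SQLite database, the `users` table and the function names are assumptions made for the example.

```php
<?php
// Added example (not the posters' code). Assumptions: in-memory SQLite,
// a table named "users", and the hypothetical helper names below.

function normalize_username(string $raw): string
{
    // One routine used by both register and login, so the stored value
    // and the looked-up value cannot differ by stray whitespace.
    return trim($raw);
}

function register_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    // password_hash() salts every hash, so login verifies it instead of
    // recomputing it and comparing inside the WHERE clause.
    $stmt->execute([normalize_username($username), password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Look the row up by username only; the bound parameter keeps the
    // submitted value out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([normalize_username($username)]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample accounts.
register_user($db, ' reaper ', 'correct horse');
register_user($db, "o'brien", 'battery staple');

var_dump(check_login($db, 'reaper', 'correct horse'));    // name typed without the stray spaces
var_dump(check_login($db, 'reaper', 'wrong password'));   // right user, wrong password
var_dump(check_login($db, "o'brien", 'battery staple'));  // a quote in the name is just data
```

On success the caller would call session_start(), then session_regenerate_id(true), before setting $_SESSION['auth'].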