Jump to content

issues with login script

tomfmason

By tomfmason
in PHP Coding Help

 Share

Recommended Posts

tomfmason Advanced Member

tomfmason

Posted
Posted
I have tried everything that I can think of. Here is the login script that I am currently working on.

[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $password);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]



I have tried several things everything that I try prints the same thing 0. I thought that maybe it was because the password is encypted. So I tried this.



[code=php:0] <?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$mdpwd= md5($password);
$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['mdpwd']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]




This did not work as well. It out puts the same thing 0.
I am not sure if this is relevant or not but username is on row 0 and password is on row 1 in the users table.
Any suggestions would be great.
Link to comment
https://forums.phpfreaks.com/topic/14021-issues-with-login-script/
Share on other sites
tomfmason Advanced Member

tomfmason

Posted
  • Author
Posted
I just tried this and still the same thing

[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['password']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]
tomfmason Advanced Member

tomfmason

Posted
  • Author
Posted
I tried that but with SELECT COUNT(*) it will always return 1 it never gets to the WHERE. I was reading somewhere the SELECT COUNT(*) was a faster and better way to do this but so far it hasn't. The way I have it now should work but it dosn't..lol.
tomfmason Advanced Member

tomfmason

Posted
  • Author
Posted
I got it to work just fine.

[b]The Fix:[/b]

I had it a little mixed up.lol. A simple fix.

[b]From[/b]

[code=php:0]$mdpwd= md5($password);
$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['mdpwd']));[/code]


[b]To:[/b]


[code=php:0]$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);[/code]



As you can see this is a simple fix. I just had to md5 hash the password at the end. I have posted the working script below. Now I am off to find a better way for sessions, not $_SESSION['username'].  Any suggestions on hashing session variables would be great or maybe using something like time stamp?


[b]The login code working[/b]


[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]

Thanks.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.