tomfmason Posted July 8, 2006 Share Posted July 8, 2006 I have tried everything that I can think of. Here is the login script that I am currently working on. [code=php:0]<?php include ('includes/db.php');array_pop($_POST); if ( get_magic_quotes_gpc() ) { $_POST= array_map('stripslashes', $_POST); } $username= mysql_real_escape_string(trim($_POST['username'])); $password= mysql_real_escape_string(trim($_POST['password'])); $sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $password); $res= mysql_query($sql) or die(mysql_error()); $login_match= mysql_result($res, 0, 'login_match'); if ( $login_match == 1 ) { echo "this test worked";} else { print_r ($login_match); // not logged in }?>[/code]I have tried several things everything that I try prints the same thing 0. I thought that maybe it was because the password is encypted. So I tried this.[code=php:0] <?php include ('includes/db.php');array_pop($_POST); if ( get_magic_quotes_gpc() ) { $_POST= array_map('stripslashes', $_POST); } $mdpwd= md5($password);$username= mysql_real_escape_string(trim($_POST['username'])); $mdpwd= mysql_real_escape_string(trim($_POST['mdpwd'])); $sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd); $res= mysql_query($sql) or die(mysql_error()); $login_match= mysql_result($res, 0, 'login_match'); if ( $login_match == 1 ) { echo "this test worked";} else { print_r ($login_match); // not logged in }?>[/code]This did not work as well. It out puts the same thing 0.I am not sure if this is relevant or not but username is on row 0 and password is on row 1 in the users table.Any suggestions would be great. Link to comment https://forums.phpfreaks.com/topic/14021-issues-with-login-script/ Share on other sites More sharing options...
tomfmason Posted July 8, 2006 Author Share Posted July 8, 2006 I just tried this and still the same thing[code=php:0]<?php include ('includes/db.php');array_pop($_POST); if ( get_magic_quotes_gpc() ) { $_POST= array_map('stripslashes', $_POST); } $username= mysql_real_escape_string(trim($_POST['username'])); $mdpwd= mysql_real_escape_string(trim($_POST['password'])); $sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd); $res= mysql_query($sql) or die(mysql_error()); $login_match= mysql_result($res, 0, 'login_match'); if ( $login_match == 1 ) { echo "this test worked";} else { print_r ($login_match); // not logged in }?>[/code] Link to comment https://forums.phpfreaks.com/topic/14021-issues-with-login-script/#findComment-54765 Share on other sites More sharing options...
Kurt Posted July 8, 2006 Share Posted July 8, 2006 Try using mysql_num_rows($res); rather than mysql_result(). Thats what I do for login systems. Link to comment https://forums.phpfreaks.com/topic/14021-issues-with-login-script/#findComment-54782 Share on other sites More sharing options...
tomfmason Posted July 8, 2006 Author Share Posted July 8, 2006 I tried that but with SELECT COUNT(*) it will always return 1 it never gets to the WHERE. I was reading somewhere the SELECT COUNT(*) was a faster and better way to do this but so far it hasn't. The way I have it now should work but it dosn't..lol. Link to comment https://forums.phpfreaks.com/topic/14021-issues-with-login-script/#findComment-54787 Share on other sites More sharing options...
tomfmason Posted July 8, 2006 Author Share Posted July 8, 2006 I got it to work just fine.[b]The Fix:[/b]I had it a little mixed up.lol. A simple fix.[b]From[/b][code=php:0]$mdpwd= md5($password);$username= mysql_real_escape_string(trim($_POST['username'])); $mdpwd= mysql_real_escape_string(trim($_POST['mdpwd']));[/code][b]To:[/b][code=php:0]$username= mysql_real_escape_string(trim($_POST['username'])); $password= mysql_real_escape_string(trim($_POST['password']));$mdpwd= md5($password);[/code]As you can see this is a simple fix. I just had to md5 hash the password at the end. I have posted the working script below. Now I am off to find a better way for sessions, not $_SESSION['username']. Any suggestions on hashing session variables would be great or maybe using something like time stamp?[b]The login code working[/b][code=php:0]<?php include ('includes/db.php');array_pop($_POST); if ( get_magic_quotes_gpc() ) { $_POST= array_map('stripslashes', $_POST); } $username= mysql_real_escape_string(trim($_POST['username'])); $password= mysql_real_escape_string(trim($_POST['password']));$mdpwd= md5($password); $sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd); $res= mysql_query($sql) or die(mysql_error()); $login_match= mysql_result($res, 0, 'login_match'); if ( $login_match == 1 ) { echo "this test worked";} else { print_r ($login_match); // not logged in }?>[/code]Thanks. Link to comment https://forums.phpfreaks.com/topic/14021-issues-with-login-script/#findComment-54928 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.