
tomfmason

issues with login script


I have tried everything that I can think of. Here is the login script that I am currently working on.

[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $password);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]



I have tried several things; everything that I try prints the same thing: 0. I thought that maybe it was because the password is encrypted. So I tried this.



[code=php:0] <?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$mdpwd= md5($password);
$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['mdpwd']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]




This did not work either. It outputs the same thing: 0.
I am not sure if this is relevant or not but username is on row 0 and password is on row 1 in the users table.
Any suggestions would be great.

I just tried this and still the same thing

[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['password']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]

Try using mysql_num_rows($res); rather than mysql_result(). That's what I do for login systems.

I tried that, but with SELECT COUNT(*) it will always return 1; it never gets to the WHERE. I was reading somewhere that SELECT COUNT(*) was a faster and better way to do this, but so far it hasn't been. The way I have it now should work but it doesn't..lol.

I got it to work just fine.

[b]The Fix:[/b]

I had it a little mixed up, lol. A simple fix.

[b]From[/b]

[code=php:0]$mdpwd= md5($password);
$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['mdpwd']));[/code]


[b]To:[/b]


[code=php:0]$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);[/code]



As you can see, this is a simple fix. I just had to md5 hash the password at the end. I have posted the working script below. Now I am off to find a better way for sessions, not $_SESSION['username']. Any suggestions on hashing session variables would be great, or maybe using something like a timestamp?


[b]The login code working[/b]


[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]

Thanks.
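
A hardened form of the login check from this thread, as an added example that is not part of the original posts: it uses a PDO prepared statement in place of `mysql_real_escape_string()` with `sprintf()`, and `password_hash()`/`password_verify()` in place of `md5()`. The in-memory SQLite table, the user `alice` and the function names `make_demo_db()`, `check_login()` and `log_in()` are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite.
// The in-memory `users` table and the user "alice" are constructed sample data.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Registration side: store a salted, slow hash rather than md5($password).
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash("it's a secret", PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameters keep user input out of the SQL text, so there is no
    // escaping step and the password is hashed exactly as it was typed.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();

    // A salted hash differs on every call, so it cannot be matched in the
    // WHERE clause: fetch the stored hash and compare it in PHP instead.
    return is_string($stored) && password_verify($password, $stored);
}

function log_in(PDO $pdo, string $username, string $password): bool
{
    if (!check_login($pdo, $username, $password)) {
        return false;
    }
    // Session data stays on the server, so it needs no hashing; issue a
    // fresh session id at login so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
    }
    return true;
}

// Constructed checks: correct password, wrong password, unknown user.
$pdo = make_demo_db();
var_dump(log_in($pdo, 'alice', "it's a secret"));
var_dump(log_in($pdo, 'alice', 'wrong'));
var_dump(log_in($pdo, "o'brien", "it's a secret"));
```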

