
issues with login script


tomfmason


I have tried everything that I can think of. Here is the login script that I am currently working on.

[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $password);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]



I have tried several things; everything that I try prints the same thing: 0. I thought that maybe it was because the password is encrypted, so I tried this.



[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$mdpwd= md5($password);
$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['mdpwd']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]




This did not work either. It outputs the same thing: 0.
I am not sure if this is relevant or not but username is on row 0 and password is on row 1 in the users table.
Any suggestions would be great.

I just tried this and still the same thing

[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}

$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['password']));

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]

I tried that, but with SELECT COUNT(*) it will always return 1; it never gets to the WHERE. I was reading somewhere that SELECT COUNT(*) was a faster and better way to do this, but so far it hasn't been. The way I have it now should work but it doesn't, lol.

I got it to work just fine.

[b]The Fix:[/b]

I had it a little mixed up, lol. A simple fix.

[b]From[/b]

[code=php:0]$mdpwd= md5($password);
$username= mysql_real_escape_string(trim($_POST['username']));
$mdpwd= mysql_real_escape_string(trim($_POST['mdpwd']));[/code]


[b]To:[/b]


[code=php:0]$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);[/code]



As you can see, this is a simple fix. I just had to md5 hash the password at the end. I have posted the working script below. Now I am off to find a better way for sessions, not $_SESSION['username']. Any suggestions on hashing session variables would be great, or maybe using something like a time stamp?


[b]The login code working[/b]


[code=php:0]<?php
include ('includes/db.php');
array_pop($_POST);
if ( get_magic_quotes_gpc() ) {
    $_POST= array_map('stripslashes', $_POST);
}
$username= mysql_real_escape_string(trim($_POST['username']));
$password= mysql_real_escape_string(trim($_POST['password']));
$mdpwd= md5($password);

$sql= sprintf("SELECT COUNT(*) AS login_match FROM `users` WHERE `username` = '%s' AND `password`= '%s'", $username, $mdpwd);
$res= mysql_query($sql) or die(mysql_error());
$login_match= mysql_result($res, 0, 'login_match');

if ( $login_match == 1 ) {
    echo "this test worked";
} else {
    print_r ($login_match);
// not logged in
}
?>[/code]

Thanks.
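
A hardened variant of the working login above, added here as an example; it is not part of the original post or written by its author. It swaps the escaped-then-md5'd password and the `sprintf` query for `password_hash()`/`password_verify()` and a bound parameter, and handles the session question by regenerating the session ID at login. It assumes PHP 7.1+ with PDO and pdo_sqlite; the in-memory table, the sample account, and the helpers `check_login()` and `start_user_session()` are constructed for illustration.

```php
<?php
// Constructed in-memory users table; stands in for includes/db.php (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Registration side: store a salted, slow hash (bcrypt by default) instead of md5().
$ins = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash("pa'ss word", PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the user id on success, null on failure.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // Bound parameter: no escaping step, so the password bytes are never
    // altered before they are hashed (escaping first changes the hash input).
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([trim($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a dummy hash so both paths cost the same.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password'] : $dummy);

    return ($row && $ok) ? (int) $row['id'] : null;
}

// Hypothetical helper: session values stay on the server, so they need no hashing.
function start_user_session(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);      // fresh session ID at login (anti-fixation)
    $_SESSION['user_id'] = $userId;   // the browser only ever holds the session ID
    $_SESSION['login_time'] = time(); // time stamp for an idle or absolute timeout
}

$id = check_login($pdo, 'alice', "pa'ss word"); // password containing a quote
if ($id !== null) {
    start_user_session($id);
    echo "logged in as user {$id}\n";
}
var_dump(check_login($pdo, 'alice', 'wrong'));           // wrong password
var_dump(check_login($pdo, "x' OR '1'='1", 'anything')); // quotes are plain data
```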