finnaz Posted February 18, 2009 Share Posted February 18, 2009 I got this script from a php5 web developer book, but cant seem to get it to work. Can anyone see any errors or admissions in the code? When i enter the correct username and password, it says that the username / password is invalid. <?php session_start(); include "conn.inc.php"; if (isset($_POST['submit'])) { $query = "SELECT username, password, admin_level FROM admin " . "WHERE username = '" . $_POST['username'] . "' " . "AND password = (PASSWORD('" . $_POST['password'] . "'))"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array($result); if (mysql_num_rows($result) == 1) { $_SESSION['admin_logged'] = $_POST['username']; $_SESSION['admin_password'] = $_POST['password']; $_SESSION['admin_level'] = $row['admin_level']; header ("Refresh: 5; URL=" . $_POST['redirect'] . ""); echo "You are being redirected to your original page request!<br>"; echo "(If your browser doesn't support this, " . "<a href=\"" . $_POST['redirect']. "\">click here</a>)"; } else { ?> <html> <head> <title>Administrator Login</title> </head> <body> <p> Invalid Username and/or Password<br> <form action="admin_login.php" method="post"> <input type="hidden" name="redirect" value="<?php echo $_POST['redirect']; ?>"> Username: <input type="text" name="username"><br> Password: <input type="password" name="password"><br><br> <input type="submit" name="submit" value="Login"> </form> </p> </body> </html> <?php } } else { if (isset($_GET['redirect'])) { $redirect = $_GET['redirect']; } else { $redirect = "index.php"; } ?> <html> <head> <title>Beginning PHP5, Apache and MySQL</title> </head> <body> <p> Login below by supplying your username/password...<br> <form action="admin_login.php" method="post"> <input type="hidden" name="redirect" value="<?php echo $redirect; ?>"> Username: <input type="text" name="username"><br> Password: <input type="password" name="password"><br><br> <input type="submit" name="submit" value="Login"> </form> </p> </body> </html> <?php } ?> Many Thanx Link to comment https://forums.phpfreaks.com/topic/145751-admin-login-script-error/ Share on other sites More sharing options...
revraz Posted February 19, 2009 Share Posted February 19, 2009 Is the Password being stored as plain text in the DB? Link to comment https://forums.phpfreaks.com/topic/145751-admin-login-script-error/#findComment-766171 Share on other sites More sharing options...
finnaz Posted February 19, 2009 Author Share Posted February 19, 2009 Yes, the password is being stored as plain text in the database. Link to comment https://forums.phpfreaks.com/topic/145751-admin-login-script-error/#findComment-766256 Share on other sites More sharing options...
revraz Posted February 19, 2009 Share Posted February 19, 2009 I would suggest you echo the query and verify everything is being passed correctly and also verify the info matches as it's stored in the DB. Also, this line is not really being used $row = mysql_fetch_array($result); Link to comment https://forums.phpfreaks.com/topic/145751-admin-login-script-error/#findComment-766383 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.