Cooper94 Posted February 20, 2009 Share Posted February 20, 2009 <?php include 'data.php'; ob_start(); session_start(); ?> <center> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <div> <br /> <label for="txtusername">Username:</label> <input type="text" name="username" value="" title="Text input: Username" id="txtusername" maxlength="20" /> </div> <div> <label for="txtpassword"> Password:</label> <input type="password" name="password" title="Text input: Password" id="txtpassword" maxlength="20" /> </div> <br /> <div> <input type="submit" name="submit" value="Login" /> <input type="submit" name="ResetButton" title="Reset button: Login" id="btnReset" value="Clear" class="button" /> <br /> </div> </fieldset> </form> <font color="red"> <?php if(isset($_POST['submit'])) { // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; $enc=md5($_POST['password']); $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql=mysql_query("SELECT * FROM pilots WHERE username='$username' AND password='$enc' AND admin='yes'"); $omg = mysql_num_rows($sql); if($omg > 0){ while($row = mysql_fetch_array($sql)){ $_SESSION['username'] = $username; $_SESSION['password'] = $password; header ('Location: successadm.php'); mysql_close($connection); } } else { echo "Wrong Username/Password"; }} ?> </font> </center> For some reason it dosnt login at all even if the admin=yes? Any help would be fantastic! Thank You Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/ Share on other sites More sharing options...
premiso Posted February 20, 2009 Share Posted February 20, 2009 A few issues I spot off the back, you are making it so only admin's can login? Is that correct? // username and password sent from form $username=stripslashes($_POST['username']); $password=stripslashes($_POST['password']); // as this would make a different if magic_quotes are on, so it is good to have it the same. $enc=md5($_POST['password']); // $username = stripslashes($username); // also might as well move this up // $password = stripslashes($password); // no point in doing this here as the password is md5, move it up $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); Second, you should only be expecting 1 item from the DB so the while loop is unnecessary: // while($row = mysql_fetch_array($sql)){ // not needed $row = mysql_fetch_assoc($sql); // use assoc over array. $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; // $row is how you should access it. Try those changes and see what happens. Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767414 Share on other sites More sharing options...
Cooper94 Posted February 20, 2009 Author Share Posted February 20, 2009 No still nothing. Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767433 Share on other sites More sharing options...
The Little Guy Posted February 20, 2009 Share Posted February 20, 2009 Try re arranging the code like this: <?php include 'data.php'; ob_start(); session_start(); if(isset($_POST['submit'])) { // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; $enc=md5($_POST['password']); $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql=mysql_query("SELECT * FROM pilots WHERE username='$username' AND password='$enc' AND admin='yes'"); $omg = mysql_num_rows($sql); if($omg > 0){ while($row = mysql_fetch_array($sql)){ $_SESSION['username'] = $username; $_SESSION['password'] = $password; header ('Location: successadm.php'); mysql_close($connection); } } else { echo "Wrong Username/Password"; }} ?> <center> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <div> <br /> <label for="txtusername">Username:</label> <input type="text" name="username" value="" title="Text input: Username" id="txtusername" maxlength="20" /> </div> <div> <label for="txtpassword"> Password:</label> <input type="password" name="password" title="Text input: Password" id="txtpassword" maxlength="20" /> </div> <br /> <div> <input type="submit" name="submit" value="Login" /> <input type="submit" name="ResetButton" title="Reset button: Login" id="btnReset" value="Clear" class="button" /> <br /> </div> </fieldset> </form> <font color="red"> </font> </center> Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767438 Share on other sites More sharing options...
Cooper94 Posted February 20, 2009 Author Share Posted February 20, 2009 Sadly No Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767442 Share on other sites More sharing options...
The Little Guy Posted February 20, 2009 Share Posted February 20, 2009 I believe this: $password = mysql_real_escape_string($password); should be this: $enc = mysql_real_escape_string($enc); Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767446 Share on other sites More sharing options...
premiso Posted February 20, 2009 Share Posted February 20, 2009 I believe this: $password = mysql_real_escape_string($password); should be this: $enc = mysql_real_escape_string($enc); Technically he does not need to escape it as an MD5 hash will have all allowed values. That is just doing an unnecessary process. However if on the $password he escaped it going into the DB then MD5'd it, that should be added back in there as the password may depend on variables be escaped then md5'd. Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767454 Share on other sites More sharing options...
Cooper94 Posted February 21, 2009 Author Share Posted February 21, 2009 Um any more ideas it seems to work when I take out the AND admin='yes' but I need that so that only admins are allowed in. Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767512 Share on other sites More sharing options...
jackpf Posted February 21, 2009 Share Posted February 21, 2009 hey, try this. I just swapped a few things round and removed some unescesary stuff Also, if data.php sends anything to the page, it could prevent your headers from being set. <?php include_once('data.php'); ob_start(); session_start(); if(isset($_POST['submit'])) { // username and password sent from form $username=$_POST['username']; $password=$_POST['password']; $password = md5($_POST['password']); $sql=mysql_query("SELECT * FROM `pilots` WHERE `username`='$username' AND `password`='$enc' AND `admin`='yes'"); $omg = mysql_num_rows($sql); if($omg != 0) { $_SESSION['username'] = $username; $_SESSION['password'] = $password; header ('Location: successadm.php'); mysql_close($connection); } else { echo "Wrong Username/Password"; }} else { echo '<center> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <div> <br /> <label for="txtusername">Username:</label> <input type="text" name="username" value="" title="Text input: Username" id="txtusername" maxlength="20" /> </div> <div> <label for="txtpassword"> Password:</label> <input type="password" name="password" title="Text input: Password" id="txtpassword" maxlength="20" /> </div> <br /> <div> <input type="submit" name="submit" value="Login" /> <input type="submit" name="ResetButton" title="Reset button: Login" id="btnReset" value="Clear" class="button" /> <br /> </div> </fieldset> </form> <font color="red">'; } ?> I assume that your mysql connection is being made in data.php? Quote Link to comment https://forums.phpfreaks.com/topic/146168-login/#findComment-767522 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.