Jump to content

[SOLVED] Member Login Problem

HokieTracks

By HokieTracks
in PHP Coding Help

 Share

Recommended Posts

HokieTracks Member

HokieTracks

Posted
Posted

Hi, I am trying to create a members only portion of my website but right now I am having trouble with enabling users to login. Here is my code for users trying to log in:

 

<?php
session_start();    
?>                                  

<body>
<html>

<?php
include "layout.php";
?>
<div id="contnt">
<?php
include("database.inc");                        
switch (@$_POST['do'])                             
{
   case "login":                                    
     $cxn = mysqli_connect($host, $user,$passwd,$dbname) 
            or die ("Couldn't connect to server.");   

     $sql = "SELECT loginName FROM Member 
             WHERE loginName='$_POST[loginName]'";   
     $result = mysqli_query($cxn,$sql)
               or die("Couldn't execute query.");     
     $num = mysqli_num_rows($result);               
     if ($num > 0)  // login name was found           
     {
        $sql = "SELECT loginName FROM Member 
                WHERE loginName='$_POST[loginName]'
                AND password=md5('$_POST[password]')";
        $result2 = mysqli_query($cxn,$sql)
                   or die("Couldn't execute query 2.");
        $num2 = mysqli_num_rows($result2);
        if ($num2 > 0)  // password is correct       
        {
           $_SESSION['auth']="yes";                 
           $logname=$_POST['loginName']; 
           $_SESSION['logname'] = $logname;          
           $today = date("Y-m-d h:i:s");               
           $sql = "INSERT INTO Login (loginName,loginTime)
                   VALUES ('$logname','$today')";
           $result = mysqli_query($cxn,$sql) 
                     or die("Can't execute insert query.");
           header("Location: Member_page.php");        
        }
        else    // password is not correct           
        {
           $message="The Login Name, '$_POST[loginName]' 
                     exists, but you have not entered the 
                     correct password! Please try again.<br>";
           include("login_form.inc");                
        } 
     }                                               
     elseif ($num == 0)  // login name not found       
     {   
        $message = "The Login Name you entered does not 
                    exist! Please try again.<br>";
        include("login_form.inc");
     }
   break;                                                                               

    default:                                          
        include("login_form.inc");
  }
?>

</div>

</div> 
</body>
</html>

 

As you can see the passwords and usernames are kept in the member table of my database. But, whenever I try this code out it finds the username but displays that the password is wrong. Anyone know if I forgot something or if I am doing something wrong?

Link to comment
Share on other sites
HokieTracks Member

HokieTracks

Posted
  • Author
Posted

No it's not. Could that be the problem? Here is the code that inserts it into the database when the user registers:

 

<?php
$con = mysql_connect("localhost","*******_****","*********");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("*******_****", $con);

$sql="INSERT INTO Member (loginName, Password, firstName, LastName, Age, Location, Email, Gender)
VALUES
('$_POST[loginName]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[age]','$_POST[location]','$_POST[email]','$_POST[gender]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Thank You";

mysql_close($con)
?>

 

 

Link to comment
Share on other sites
AdRock Advanced Member

AdRock

Posted
Posted

If you're entering data as it was entered and then using md5 on the password of the login attempt then they are going to be different

 

I would md5 the password before it goes into the database

 

Also use mysql_real_escape_string() on any $_POST before going into the database

Link to comment
Share on other sites
HokieTracks Member

HokieTracks

Posted
  • Author
Posted

Ok, here is my new code:

 

<?php

require_once('recaptchalib.php');
$privatekey = "6Lfm1gUAAAAAACv1aw01NVmhFJUgRvcbNPiqhkDN";
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {
  die ("The verification code was not entered correctly." .
       "(" . $resp->error . ")");
}


$con = mysql_connect("localhost","hokietr1_users","U3Rm:{7Jky$#");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("hokietr1_users", $con);

$sql= "INSERT INTO Member (loginName, Password, firstName, LastName, Age, Location, Email, Gender)
VALUES
('$_POST[loginName]', md5('9$_POST[password]'),'$_POST[firstName]','$_POST[lastName]','$_POST[age]','$_POST[location]','$_POST[email]','$_POST[gender]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Thank You";

mysql_close($con)
?>

 

I still have the same problem though. And I am not sure how you want me to use mysql_real_escape_string()

Link to comment
Share on other sites
HokieTracks Member

HokieTracks

Posted
  • Author
Posted

Ok, I did this:

 

('mysql_real_escape_string($_POST['loginName'])','mysql_real_escape_string(md5($_POST['password']))','mysql_real_escape_string($_POST['firstName']','mysql_real_escape_string($_POST['lastName'])','mysql_real_escape_string($_POST['age'])','mysql_real_escape_string($_POST['location'])','mysql_real_escape_string($_POST['email'])','mysql_real_escape_string($_POST['gender'])')";

 

But, now I have an error message saying: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/hokietr1/public_html/home/insert.php on line 38

 

So I assume my code is wrong.

Link to comment
Share on other sites
AdRock Advanced Member

AdRock

Posted
Posted 

$loginName = mysql_real_escape_string($_POST['loginName']);
$password = mysql_real_escape_string(md5($_POST['password']));
$firstname = mysql_real_escape_string($_POST['firstName']);
$lastname = mysql_real_escape_string($_POST['lastName']);
$age = mysql_real_escape_string($_POST['age']);
$location = mysql_real_escape_string($_POST['location']);
$email = mysql_real_escape_string($_POST['email']);
$gender = mysql_real_escape_string($_POST['gender']);

$sql= "INSERT INTO Member (loginName, Password, firstName, LastName, Age, Location, Email, Gender)
VALUES
('$loginName','$password','$firstname','$lastname','$age','$location','$email','$gender')";

 

try that

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.