
[SOLVED] Member Login Problem


HokieTracks


Hi, I am trying to create a members-only portion of my website, but right now I am having trouble with enabling users to log in. Here is my code for users trying to log in:

 

<?php
session_start();    
?>                                  

<html>
<body>

<?php
include "layout.php";
?>
<div id="contnt">
<?php
include("database.inc");                        
switch (@$_POST['do'])                             
{
   case "login":                                    
     $cxn = mysqli_connect($host, $user,$passwd,$dbname) 
            or die ("Couldn't connect to server.");   

     $sql = "SELECT loginName FROM Member 
             WHERE loginName='$_POST[loginName]'";   
     $result = mysqli_query($cxn,$sql)
               or die("Couldn't execute query.");     
     $num = mysqli_num_rows($result);               
     if ($num > 0)  // login name was found           
     {
        $sql = "SELECT loginName FROM Member 
                WHERE loginName='$_POST[loginName]'
                AND password=md5('$_POST[password]')";
        $result2 = mysqli_query($cxn,$sql)
                   or die("Couldn't execute query 2.");
        $num2 = mysqli_num_rows($result2);
        if ($num2 > 0)  // password is correct       
        {
           $_SESSION['auth']="yes";                 
           $logname=$_POST['loginName']; 
           $_SESSION['logname'] = $logname;          
           $today = date("Y-m-d H:i:s");  // H = 24-hour clock, so loginTime is unambiguous
           $sql = "INSERT INTO Login (loginName,loginTime)
                   VALUES ('$logname','$today')";
           $result = mysqli_query($cxn,$sql) 
                     or die("Can't execute insert query.");
           header("Location: Member_page.php");        
        }
        else    // password is not correct           
        {
           $message="The Login Name, '$_POST[loginName]' 
                     exists, but you have not entered the 
                     correct password! Please try again.<br>";
           include("login_form.inc");                
        } 
     }                                               
     elseif ($num == 0)  // login name not found       
     {   
        $message = "The Login Name you entered does not 
                    exist! Please try again.<br>";
        include("login_form.inc");
     }
   break;                                                                               

    default:                                          
        include("login_form.inc");
  }
?>

</div>

</div> 
</body>
</html>

 

As you can see, the passwords and usernames are kept in the member table of my database. But whenever I try this code out, it finds the username but displays that the password is wrong. Anyone know if I forgot something or if I am doing something wrong?


No it's not. Could that be the problem? Here is the code that inserts it into the database when the user registers:

 

<?php
$con = mysql_connect("localhost","*******_****","*********");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("*******_****", $con);

$sql="INSERT INTO Member (loginName, Password, firstName, LastName, Age, Location, Email, Gender)
VALUES
('$_POST[loginName]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[age]','$_POST[location]','$_POST[email]','$_POST[gender]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Thank You";

mysql_close($con)
?>

 

 

If you're entering data as it was entered and then using md5 on the password of the login attempt, then they are going to be different.

I would md5 the password before it goes into the database.

Also use mysql_real_escape_string() on any $_POST before going into the database.

Ok, here is my new code:

 

<?php

require_once('recaptchalib.php');
$privatekey = "6Lfm1gUAAAAAACv1aw01NVmhFJUgRvcbNPiqhkDN";
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {
  die ("The verification code was not entered correctly." .
       "(" . $resp->error . ")");
}


$con = mysql_connect("localhost","hokietr1_users","U3Rm:{7Jky$#");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("hokietr1_users", $con);

$sql= "INSERT INTO Member (loginName, Password, firstName, LastName, Age, Location, Email, Gender)
VALUES
('$_POST[loginName]', md5('9$_POST[password]'),'$_POST[firstName]','$_POST[lastName]','$_POST[age]','$_POST[location]','$_POST[email]','$_POST[gender]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Thank You";

mysql_close($con)
?>

 

I still have the same problem, though. And I am not sure how you want me to use mysql_real_escape_string().

Ok, I did this:

 

('mysql_real_escape_string($_POST['loginName'])','mysql_real_escape_string(md5($_POST['password']))','mysql_real_escape_string($_POST['firstName']','mysql_real_escape_string($_POST['lastName'])','mysql_real_escape_string($_POST['age'])','mysql_real_escape_string($_POST['location'])','mysql_real_escape_string($_POST['email'])','mysql_real_escape_string($_POST['gender'])')";

 

But, now I have an error message saying: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/hokietr1/public_html/home/insert.php on line 38

 

So I assume my code is wrong.

$loginName = mysql_real_escape_string($_POST['loginName']);
$password = mysql_real_escape_string(md5($_POST['password']));
$firstname = mysql_real_escape_string($_POST['firstName']);
$lastname = mysql_real_escape_string($_POST['lastName']);
$age = mysql_real_escape_string($_POST['age']);
$location = mysql_real_escape_string($_POST['location']);
$email = mysql_real_escape_string($_POST['email']);
$gender = mysql_real_escape_string($_POST['gender']);

$sql= "INSERT INTO Member (loginName, Password, firstName, LastName, Age, Location, Email, Gender)
VALUES
('$loginName','$password','$firstname','$lastname','$age','$location','$email','$gender')";

 

try that
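
An added example, not part of any post in this thread: the same register/login pair with the password hashed once at registration and checked at login, using prepared statements in place of mysql_real_escape_string() and password_hash()/password_verify() in place of md5(). The function names and the in-memory SQLite table standing in for the MySQL Member table are assumptions made so the example runs on its own.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands in
// for the thread's MySQL Member table (assumption), so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Member (loginName TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: the password is hashed exactly once, here, before storage.
function register_member(PDO $db, string $loginName, string $password): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted, adaptive hash
    $stmt = $db->prepare('INSERT INTO Member (loginName, password) VALUES (?, ?)');
    try {
        return $stmt->execute([$loginName, $hash]); // values are bound, never interpolated
    } catch (PDOException $e) {
        return false; // e.g. loginName already taken
    }
}

// Login: fetch the stored hash by name and compare in PHP, not in SQL.
function check_login(PDO $db, string $loginName, string $password): bool
{
    static $dummy = null;
    $dummy ??= password_hash('constructed-placeholder', PASSWORD_DEFAULT);

    $stmt = $db->prepare('SELECT password FROM Member WHERE loginName = ?');
    $stmt->execute([$loginName]);
    $hash = $stmt->fetchColumn(); // false when the name does not exist

    // Unknown names are verified against a dummy hash so both failure paths
    // do the same work and the caller cannot tell which check failed.
    $ok = password_verify($password, $hash === false ? $dummy : $hash);
    return $ok && $hash !== false;
}

// Constructed sample input. The quote in the name would break the
// string-built queries shown in the thread; here it is just data.
register_member($db, "o'brien", 'correct horse battery');
$attempts = [
    ["o'brien", 'correct horse battery'],
    ["o'brien", 'wrong password'],
    ['nobody', 'correct horse battery'],
];
foreach ($attempts as [$name, $pass]) {
    $msg = check_login($db, $name, $pass) ? 'logged in' : 'Invalid login name or password.';
    printf("%-10s %s\n", $name, $msg);
}
```

In a real login page, call session_regenerate_id(true) before setting $_SESSION['auth'], and follow the header("Location: ...") redirect with exit.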
