adam2326 Posted May 1, 2009

I am trying to use the code below for a login system on my website.

login.php

```php
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
if(!isset($user) | !isset($password)) {
?>
<form action="<?php echo $PHP_SELF?><?php if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
<tr>
<th> Username: </th>
<th> <input type="text" name="user"> </th>
</tr>
<tr>
<th> Password: </th>
<th> <input type="password" name="password"> </th>
</tr>
<tr>
<th colspan="2" align="right"> <input type="submit" value="Login"> </form> </th>
</tr>
</table>
</body>
</html>
<?php
exit();
}
session_register("user");
session_register("password");
include ("connection.php");
$sql = mysql_query("SELECT password FROM admin WHERE user = '$user'");
$fetch_em = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);
if($numrows != "0" & $password == $fetch_em["password"]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
if (!($valid_user)) {
session_unset();
session_destroy();
?>
<form action="<?php echo $PHP_SELF?><?php if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
<tr>
<th> Username: </th>
<th> <input type="text" name="user"> </th>
</tr>
<tr>
<th> Password: </th>
<th> <input type="password" name="password"> </th>
</tr>
<tr>
<th colspan="2" align="right"> <input type="submit" value="Login"> </form> </th>
</tr>
</table>
</body>
</html>
<?php
exit();
}
?>
</body>
</html>
```

I then put include('login.php'); at the top of the page that only the admin can view.

It all works fine until I enter in the user name and password. It keeps telling me that I have entered in incorrect login information and therefore will not let me proceed.

Can someone please help?

Thanks

revraz Posted May 4, 2009

So your password is in plain text in the DB?

cltn77 Posted June 2, 2009

```php
$sql = mysql_query("SELECT password FROM admin WHERE user = '$user'");
```

Have you checked whether the variable $user has a value or not? Because you have not defined $user = $_POST['user'].

alco19357 Posted June 8, 2009

Your problem lies here, I believe:

```php
// you have
# if($numrows != "0" & $password == $fetch_em["password"]) {

//switch it to: (with two &&)
if($numrows != "0" && $password == $fetch_em["password"]) {
```

Also, make sure you ALWAYS encrypt passwords with at least md5 (I like sha256).
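
Added example, not code from any poster in this thread: one way to write the credential check so that it covers the three points raised in the replies (the fields are read from the POST data explicitly, the user name is bound as a query parameter, and the stored value is a hash rather than the password). It swaps in PHP's `password_hash()`/`password_verify()` in place of the md5/sha256 suggestion; the `check_login()` helper, the in-memory SQLite database standing in for `connection.php`, and the sample account and requests are assumptions constructed for the example.

```php
<?php
// Added example: constructed data, hypothetical helper names.
// An in-memory SQLite database stands in for the MySQL connection from connection.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (user TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Store a salted hash instead of the password itself (constructed sample account).
$insert = $db->prepare('INSERT INTO admin (user, password) VALUES (?, ?)');
$insert->execute(['admin', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Hypothetical helper: true only for a known user with a matching password.
function check_login(PDO $db, array $post): bool
{
    // Read the submitted fields explicitly; nothing relies on register_globals.
    $user = $post['user'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($user) || !is_string($password) || $user === '' || $password === '') {
        return false;
    }

    // Placeholder binding keeps $user out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM admin WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched; && short-circuits on it.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed requests standing in for $_POST.
$cases = [
    'valid login'        => ['user' => 'admin', 'password' => 'correct horse battery'],
    'wrong password'     => ['user' => 'admin', 'password' => 'guess'],
    'unknown user'       => ['user' => 'nobody', 'password' => 'x'],
    'quote in user name' => ['user' => "o'brien", 'password' => 'x'],
    'missing fields'     => [],
];
foreach ($cases as $label => $post) {
    printf("%-20s %s\n", $label, check_login($db, $post) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; the user name containing a quote is looked up as a literal value and rejected like any other unknown user.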