adam2326 Posted May 1, 2009 Share Posted May 1, 2009 I am trying to use the code below for a login system on my website. login.php <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <?php if(!isset($user) | !isset($password)) { ?> <form action="<?php echo $PHP_SELF?><?php if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST"> <p align="center">Members only. Please login to access this document.</p> <table align="center" border="0"> <tr> <th> Username: </th> <th> <input type="text" name="user"> </th> </tr> <tr> <th> Password: </th> <th> <input type="password" name="password"> </th> </tr> <tr> <th colspan="2" align="right"> <input type="submit" value="Login"> </form> </th> </tr> </table> </body> </html> <?php exit(); } session_register("user"); session_register("password"); include ("connection.php"); $sql = mysql_query("SELECT password FROM admin WHERE user = '$user'"); $fetch_em = mysql_fetch_array($sql); $numrows = mysql_num_rows($sql); if($numrows != "0" & $password == $fetch_em["password"]) { $valid_user = 1; } else { $valid_user = 0; } if (!($valid_user)) { session_unset(); session_destroy(); ?> <form action="<?php echo $PHP_SELF?><?php if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="POST"> <p align="center">Incorrect login information, please try again. You must login to access this document.</p> <table align="center" border="0"> <tr> <th> Username: </th> <th> <input type="text" name="user"> </th> </tr> <tr> <th> Password: </th> <th> <input type="password" name="password"> </th> </tr> <tr> <th colspan="2" align="right"> <input type="submit" value="Login"> </form> </th> </tr> </table> </body> </html> <?php exit(); } ?> </body> </html> I then put include('login.php'); at the top of the page that only the admin can view. It all works fine until I enter in the user name and password. It keeps telling me that I have entered in incorrect login information and therefore will not let me proceed. Can someone please help? Thanks Link to comment https://forums.phpfreaks.com/topic/156457-php-login-script/ Share on other sites More sharing options...
revraz Posted May 4, 2009 Share Posted May 4, 2009 So your password is in plain text in the DB? Link to comment https://forums.phpfreaks.com/topic/156457-php-login-script/#findComment-825642 Share on other sites More sharing options...
cltn77 Posted June 2, 2009 Share Posted June 2, 2009 $sql = mysql_query("SELECT password FROM admin WHERE user = '$user'"); Have u check the variable $user whether got value or not? Cause you not define $user = $_POST['user']. Link to comment https://forums.phpfreaks.com/topic/156457-php-login-script/#findComment-847570 Share on other sites More sharing options...
alco19357 Posted June 8, 2009 Share Posted June 8, 2009 you're problem lays here i believe // you have # if($numrows != "0" & $password == $fetch_em["password"]) { //switch it to: (with two && if($numrows != "0" && $password == $fetch_em["password"]) { also, make sure you ALWAYS encrypt passwords with atleast md5 (i like sha256) Link to comment https://forums.phpfreaks.com/topic/156457-php-login-script/#findComment-851867 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.