Roachy Posted May 20, 2009 Share Posted May 20, 2009 Hi All, Im new to php and have been trying to create a register and login script. The register script works fine and creates entries in a MySQL database but for some reason my login script doesn't work. Each time i try to login it displays 'Incorrect password, please try again' though I know the password entered matches that in the database. I suspect that this script is not retrieving or handling 'password' from the table 'users' in my database correctly though could be completely wrong. The original script was copied from a reliable source so should work though I may have changed something when tweaking it. Below is part of the login.php code. Can someone please help? mysql_connect("*****.net", "database1", "*****") or die(mysql_error()); mysql_select_db("database1") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['SiteName'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['SiteName']; $pass = $_COOKIE['SiteName2']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(StrictlyGirlz, $_POST['username'], $hour); setcookie(StrictlyGirlz2, $_POST['pass'], $hour); Link to comment https://forums.phpfreaks.com/topic/158979-solved-login-script-not-working/ Share on other sites More sharing options...
madspof Posted May 20, 2009 Share Posted May 20, 2009 replace the mysql_fetch_array with mysql_fetch_assoc Link to comment https://forums.phpfreaks.com/topic/158979-solved-login-script-not-working/#findComment-838451 Share on other sites More sharing options...
Roachy Posted May 20, 2009 Author Share Posted May 20, 2009 thanks for your suggestion though I'm still having the same problem. Any other suggestions? Link to comment https://forums.phpfreaks.com/topic/158979-solved-login-script-not-working/#findComment-838488 Share on other sites More sharing options...
eRott Posted May 20, 2009 Share Posted May 20, 2009 Two things which may be the cause: [1] Possible incorrect database information. Are you trying to connect to a remote database? [2] The passwords are not being stored upon register in md5 format. Otherwise, the problem doesn't pop out at me. I've gone ahead and cleaned up your code a bit. <?php mysql_connect("*****.net", "database1", "*****") or die(mysql_error()); mysql_select_db("database1") or die(mysql_error()); //Checks if there is a login cookie //if there is, it logs you in and directes you to the members page if(isset($_COOKIE['SiteName'])) { $username = $_COOKIE['SiteName']; $pass = $_COOKIE['SiteName2']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $info = mysql_fetch_assoc($check); if ($pass == $info['password']) { header("Location: members.php"); } } // If the login form is submitted if (isset($_POST['submit'])) { // Verifies the form has been filled in if(empty($_POST['username']) || empty($_POST['pass'])) { die('You did not fill in a required field.'); } if (!get_magic_quotes_gpc()) { $email = addslashes($_POST['email']); } $query = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysql_error()); $check = mysql_num_rows($query); // Returns and error if user dosen't exist if ($check == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array($query)) { $post_pass = md5(stripslashes($_POST['pass'])); $stored_pass = stripslashes($info['password']); // Returns an error if the password is wrong if ($post_pass != $stored_pass) { die('Incorrect password, please try again.'); } else { // If login is ok then we add a cookie $username = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(StrictlyGirlz, $username, $hour); setcookie(StrictlyGirlz2, $post_pass, $hour); } } } ?> Link to comment https://forums.phpfreaks.com/topic/158979-solved-login-script-not-working/#findComment-838522 Share on other sites More sharing options...
Roachy Posted May 22, 2009 Author Share Posted May 22, 2009 Thanks for you help eRott. The passwords are definitely stored in md5 upon registration though when I looked at the MySQL table again I realised I had made a simple noob mistake. I had limited the password field in the table to 20 characters so only the first 20 characters of the 32 md5 characters were stored Link to comment https://forums.phpfreaks.com/topic/158979-solved-login-script-not-working/#findComment-840220 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.