Jump to content

[SOLVED] Login script not working

Roachy

By Roachy
in PHP Coding Help

 Share

Recommended Posts

Roachy Newbie

Roachy

Posted
Posted

Hi All,

 

Im new to php and have been trying to create a register and login script. The register script works fine and creates entries in a MySQL database but for some reason my login script doesn't work. Each time i try to login it displays 'Incorrect password, please try again' though I know the password entered matches that in the database. I suspect that this script is not retrieving or handling 'password' from the table 'users' in my database correctly though could be completely wrong. The original script was copied from a reliable source so should work though I may have changed something when tweaking it. Below is part of the login.php code.

 

Can someone please help?

 

mysql_connect("*****.net", "database1", "*****") or die(mysql_error()); 
mysql_select_db("database1") or die(mysql_error()); 

//Checks if there is a login cookie
if(isset($_COOKIE['SiteName']))

//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['SiteName']; 
$pass = $_COOKIE['SiteName2'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['password']) 
{
}
else
{
header("Location: members.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check )) 
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else 
{ 
// if login is ok then we add a cookie 
$_POST['username'] = stripslashes($_POST['username']); 
$hour = time() + 3600; 
setcookie(StrictlyGirlz, $_POST['username'], $hour); 
setcookie(StrictlyGirlz2, $_POST['pass'], $hour);

Link to comment
Share on other sites
eRott Member

eRott

Posted
Posted

Two things which may be the cause:

 

[1] Possible incorrect database information. Are you trying to connect to a remote database?

[2] The passwords are not being stored upon register in md5 format.

 

Otherwise, the problem doesn't pop out at me. I've gone ahead and cleaned up your code a bit.

 

<?php
mysql_connect("*****.net", "database1", "*****") or die(mysql_error()); 
mysql_select_db("database1") or die(mysql_error());

//Checks if there is a login cookie
//if there is, it logs you in and directes you to the members page
if(isset($_COOKIE['SiteName']))
{
$username = $_COOKIE['SiteName'];
$pass = $_COOKIE['SiteName2'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$info = mysql_fetch_assoc($check);

if ($pass == $info['password']) {
	header("Location: members.php");
}
}

// If the login form is submitted
if (isset($_POST['submit'])) {

// Verifies the form has been filled in
if(empty($_POST['username']) || empty($_POST['pass'])) {
	die('You did not fill in a required field.');
}

if (!get_magic_quotes_gpc()) {
	$email = addslashes($_POST['email']);
}

$query = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysql_error());
$check = mysql_num_rows($query);

// Returns and error if user dosen't exist
if ($check == 0) {
	die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}

while($info = mysql_fetch_array($query))
{
	$post_pass = md5(stripslashes($_POST['pass']));
	$stored_pass = stripslashes($info['password']);

	// Returns an error if the password is wrong
	if ($post_pass != $stored_pass) {
		die('Incorrect password, please try again.');
	}
	else
	{
		// If login is ok then we add a cookie
		$username = stripslashes($_POST['username']);
		$hour = time() + 3600;
		setcookie(StrictlyGirlz, $username, $hour);
		setcookie(StrictlyGirlz2, $post_pass, $hour);
	}
}

}
?>

Link to comment
Share on other sites
Roachy Newbie

Roachy

Posted
  • Author
Posted

Thanks for you help eRott. The passwords are definitely stored in md5 upon registration though when I looked at the MySQL table again I realised I had made a simple noob mistake. I had limited the password field in the table to 20 characters so only the first 20 characters of the 32 md5 characters were stored  ::)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.