phpwiz Posted August 1, 2009 Share Posted August 1, 2009 ok i have made this login script and it connects to the database and all but it says "Incorrect password!" when i KNOW i put in the correct password, here is the code. login2.php <?php $username = $_POST['username']; $password = md5($_POST['password']); if ($username) { include "connect.php"; $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrows = mysql_num_rows($query); if ($numrows!=0) { while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } // check to see if they match if ($username==$dbusername&&$password==$dbpassword) { echo "You have sucessfully been logged in! <a href='mem.php'>Click here!</a>"; $_SESSION['username']=$username; } else die("Incorrect password!"); } else die("That user Does NOT exist"); } else die("Please enter a username and a password!"); ?> Quote Link to comment Share on other sites More sharing options...
ignace Posted August 1, 2009 Share Posted August 1, 2009 while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } modify to: list($dbusername, $dbpassword) = mysql_fetch_array($query, MYSQL_NUM); Quote Link to comment Share on other sites More sharing options...
phpwiz Posted August 1, 2009 Author Share Posted August 1, 2009 while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } modify to: list($dbusername, $dbpassword) = mysql_fetch_array($query, MYSQL_NUM); Still says "Incorrect password!" and i have even changed my password in the DB to make sure it is the rite password. Quote Link to comment Share on other sites More sharing options...
gevans Posted August 1, 2009 Share Posted August 1, 2009 After the query check you're getting results. If you are echo the results and compare them to what's being entered into the form. Quote Link to comment Share on other sites More sharing options...
phpwiz Posted August 1, 2009 Author Share Posted August 1, 2009 After the query check you're getting results. If you are echo the results and compare them to what's being entered into the form. Yes, i am i tried taking out the md5 because in the DB it is not encrypted rite now. still says incorrect password Quote Link to comment Share on other sites More sharing options...
gevans Posted August 1, 2009 Share Posted August 1, 2009 try this; <?php session_start(); if(isset($_POST['username'])) { $username = $_POST['username']; $password = md5($_POST['password']); //remove md5 if needed include "connect.php"; $query = mysql_query("SELECT `password` FROM `users` WHERE `username`='$username' LIMIT 1"); $numrows = mysql_num_rows($query); if ($numrows > 0) { $row = mysql_fetch_assoc($query); $dbpassword = $row['password']; // check to see if they match var_dump($password); echo '<br />should equal<br />'; var_dump($dbpassword); if ($password==$dbpassword) { echo "You have sucessfully been logged in! <a href='mem.php'>Click here!</a>"; $_SESSION['username']=$username; } else { die("Incorrect password!"); } } else { die("That user Does NOT exist"); } } else { die("Please enter a username and a password!"); } ?> Quote Link to comment Share on other sites More sharing options...
phpwiz Posted August 1, 2009 Author Share Posted August 1, 2009 try this; <?php session_start(); if(isset($_POST['username'])) { $username = $_POST['username']; $password = md5($_POST['password']); //remove md5 if needed include "connect.php"; $query = mysql_query("SELECT `password` FROM `users` WHERE `username`='$username' LIMIT 1"); $numrows = mysql_num_rows($query); if ($numrows > 0) { $row = mysql_fetch_assoc($query); $dbpassword = $row['password']; // check to see if they match var_dump($password); echo '<br />should equal<br />'; var_dump($dbpassword); if ($password==$dbpassword) { echo "You have sucessfully been logged in! <a href='mem.php'>Click here!</a>"; $_SESSION['username']=$username; } else { die("Incorrect password!"); } } else { die("That user Does NOT exist"); } } else { die("Please enter a username and a password!"); } ?> this is what it echo'd out string(32) "5f4dcc3b5aa765d61d8327deb882cf99" should equal string( "password" Incorrect password! Quote Link to comment Share on other sites More sharing options...
gevans Posted August 1, 2009 Share Posted August 1, 2009 change password in the db to 5f4dcc3b5aa765d61d8327deb882cf99 and try it again Quote Link to comment Share on other sites More sharing options...
phpwiz Posted August 1, 2009 Author Share Posted August 1, 2009 ok i took out the md5( ) and it worked, how do i take out all the other stuff so it only says like you have successfully been logged in only like no string stuff Quote Link to comment Share on other sites More sharing options...
gevans Posted August 1, 2009 Share Posted August 1, 2009 var_dump($password); echo '<br />should equal<br />'; var_dump($dbpassword); get rid of those 3 lines also id put the md5 back and change the password in the db, not the other way round! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.