help please user login problem

[perezf]

I have a problem where the user cant log in but can register without a problem

The user  can register and the information is put into the database
but when the user logs in he/she gets an error saying Incorrect Password, try again

can someone please help me

[code]<?
function confirmUser($username, $password){
  global $conn;
  if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
  }

  $q = "select password from users where username = '$username'";
  $result = mysql_query($q,$conn);
  if(!$result || (mysql_numrows($result) < 1)){
      return 1; //username failure
  }

  $dbarray = mysql_fetch_array($result);
  $dbarray['password']  = stripslashes($dbarray['password']);
  $password = stripslashes($password);

  if($password == $dbarray['password']){
      return 0; //login successful
  }
  else{
      return 2; //password failure
  }
}

function checkLogin(){
  if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
  }

  if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        return false;
      }
      return true;
  }
  else{
      return false;
  }
}

function displayLogin(){
  global $logged_in;
  if($logged_in){
      echo "<h1>Logged In!</h1>";
      echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
  }
  else{
?>

<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="?page=Register with Us">Join</a></td></tr>
</table>
</form>

<?
  }
}

if(isset($_POST['sublogin'])){

  if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
  }

  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

  $md5pass = md5($_POST['pass']);
  $result = confirmUser($_POST['user'], $md5pass);

  if($result == 1){
      die('That username doesn\'t exist in our database.');
  }
  else if($result == 2){
      die('Incorrect password, please try again.');
  }

  $_POST['user'] = stripslashes($_POST['user']);
  $_SESSION['username'] = $_POST['user'];
  $_SESSION['password'] = $md5pass;

  if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
  }

  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}
$logged_in = checkLogin();
?>[/code]

the database fields are
username
password

[brown2005]

wats ur url so i can check

[perezf]

http://2fr3sh.com/doityourself/?page=Log%20IN

[king arthur]

You have a call to mysql_numrows(), there's no such function. It's mysql_num_rows().

[xyn]

I noticed one problem...
[code=php:0]$q = "select password from users where username = '$username'";
  $result = mysql_query($q,$conn);
  if(!$result || (mysql_numrows($result) < 1)){
     return 1; //username failure
  }[/code]

should be...
[code=php:0]$q = "select password from users where username = '$username'";
  $result = mysql_query($q,$conn);
  if(!$result || (mysql_num_rows($result) < 1)){
     return 1; //username failure
  }[/code]

mysql_numrows() = wont exist. should be mysql_num_rows();

[Orio]

I see you are using a md5.
Make sure the field in the database for the md5 passwrods is long enough to contain the string (has to be 32 chars minimum).

Orio.

[GingerRobot]

Thats not actually true xyn, mysql_numrows() also works. Ive no idea why though!

I take it that you are applying the md5 function to the password when they register?

[perezf]

problem still seems to occur

[xyn]

[quote author=GingerRobot link=topic=103384.msg411614#msg411614 date=1155032380]
Thats not actually true xyn, mysql_numrows() also works. Ive no idea why though!

I take it that you are applying the md5 function to the password when they register?
[/quote]
I am only giving advice which I think is correct, my mysql that syntax doesn't exist.

[king arthur]

Username and password are possibly reserved words in MySQL, try putting backticks around them:
[code]
  $q = "select `password` from users where `username` = '$username'";
[/code]

[perezf]

password field was set to 30 not 32
thank you now it works

i also had to fix numrows to num_rows

[perezf]

Now can someone help me figure out how to log out

[xyn]

if its sessions use what Orio says...
let me get it