phpwannabe25 Posted August 14, 2009 Share Posted August 14, 2009 hi, havin a problem login to the website. the problem is with the password. the password column in the database is 'password'. although i am entering a correct password and username, i am gettin told that i do not have teh correct password entered. ..... any help would be welcomed... here is the code to the login page... //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM hotelsignup WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> here is also the code from registration if it may asssit.... // here we encrypt the password and add slashes if needed $_POST['password'] = md5($_POST['password']); if (!get_magic_quotes_gpc()) { $_POST['password'] = addslashes($_POST['password']); $_POST['username'] = addslashes($_POST['username']); } $sql="INSERT INTO hotelsignup (username,password,email, hotelname, address1, address2, county, telephone, starrating, hoteloverview, hotelfacilities, hoteldining, hoteltandc) VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[hotelname]','$_POST[address1]','$_POST[address2]','$_POST[county]','$_POST[telephone]','$_POST[starrating]','$_POST[hoteloverview]','$_POST[hotelfacilities]','$_POST[hoteldining]','$_POST[hoteltandc]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> Thanks! Link to comment https://forums.phpfreaks.com/topic/170243-login-difficulties/ Share on other sites More sharing options...
wildteen88 Posted August 14, 2009 Share Posted August 14, 2009 This code //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM hotelsignup WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } Can be reduced down to //if the login form is submitted if (isset($_POST['submit'])) { // get the login details $username = mysql_real_escape_string($_POST['username']); // encrypt the users password $password = md5($_POST['pass']); // Perform a single query to see if a record in the table has the same username and password $query = "SELECT username FROM hotelsignup WHERE username = '" . $username . "' AND password = '" . $password . "'"; $result = mysql_query($query)or die(mysql_error()); // check that the query returned one result // if it does user is logged if(mysql_num_rows($result) == 1) { // user has logged in successfully! // set a cookie $hour = time() + 3600; setcookie('ID_my_site', $username, $hour); // redirect user header("Location: members.php"); } // inavlid user. Login failed else { echo 'Invalid Login'; } } Link to comment https://forums.phpfreaks.com/topic/170243-login-difficulties/#findComment-898066 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.