phpwannabe25 Posted August 14, 2009 Share Posted August 14, 2009 hi, havin a problem login to the website. the problem is with the password. the password column in the database is 'password'. although i am entering a correct password and username, i am gettin told that i do not have teh correct password entered. ..... any help would be welcomed... here is the code to the login page... //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM hotelsignup WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> here is also the code from registration if it may asssit.... // here we encrypt the password and add slashes if needed $_POST['password'] = md5($_POST['password']); if (!get_magic_quotes_gpc()) { $_POST['password'] = addslashes($_POST['password']); $_POST['username'] = addslashes($_POST['username']); } $sql="INSERT INTO hotelsignup (username,password,email, hotelname, address1, address2, county, telephone, starrating, hoteloverview, hotelfacilities, hoteldining, hoteltandc) VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[hotelname]','$_POST[address1]','$_POST[address2]','$_POST[county]','$_POST[telephone]','$_POST[starrating]','$_POST[hoteloverview]','$_POST[hotelfacilities]','$_POST[hoteldining]','$_POST[hoteltandc]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/170243-login-difficulties/ Share on other sites More sharing options...
wildteen88 Posted August 14, 2009 Share Posted August 14, 2009 This code //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM hotelsignup WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } Can be reduced down to //if the login form is submitted if (isset($_POST['submit'])) { // get the login details $username = mysql_real_escape_string($_POST['username']); // encrypt the users password $password = md5($_POST['pass']); // Perform a single query to see if a record in the table has the same username and password $query = "SELECT username FROM hotelsignup WHERE username = '" . $username . "' AND password = '" . $password . "'"; $result = mysql_query($query)or die(mysql_error()); // check that the query returned one result // if it does user is logged if(mysql_num_rows($result) == 1) { // user has logged in successfully! // set a cookie $hour = time() + 3600; setcookie('ID_my_site', $username, $hour); // redirect user header("Location: members.php"); } // inavlid user. Login failed else { echo 'Invalid Login'; } } Quote Link to comment https://forums.phpfreaks.com/topic/170243-login-difficulties/#findComment-898066 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.