Jump to content

[SOLVED] login scipt not accepting input

bpburrow

By bpburrow
in PHP Coding Help

 Share

Recommended Posts

bpburrow Member

bpburrow

Posted
Posted

I've been working on this login script I pulled from a tutorial with a few tweaks here and there.  Problem is I keep getting the same error "Username and password combination are incorrect!".  I've added my variables to my error message and compared the results to the db.  Username and password are a match in the db.  My question is why isn't it accepting the combination?

 

<?php
session_start();

error_reporting(E_ALL);

require_once('site_fns.php');

do_menu_main2('');

if(!$_POST['submit']) // 'submit' hasn't been clicked so output html.
{
?>
<form action="adminlogin.php" method="post">
	<div  id="menu" class="mainMenu">
		<fieldset>
		  <legend>Admin Login</legend>
		  <ul>
			<li>
			  <label for="username">Username:</label>
			  <input type="text" name="username" />
			</li>
			<li>
			  <label for="password">Password:</label>
			  <input type="password" name="password" />
			</li>
		  </ul>
		<input type="submit" name="submit" value="Login" />
		</fieldset>
	</div>
</form>
<?php
}
else
{
	$user= protect($_POST['username']);
	$pass= protect($_POST['password']);

	if($user && $pass)
	{
		$pass = md5($pass); //compare the encrypted password
		$sql="SELECT id,username FROM Admin WHERE 'username'='$user' AND 'password'='$pass'";
		$query=mysql_query($sql) or die(mysql_error());

		if(mysql_num_rows($query) > 0)
		{
			$row = mysql_fetch_assoc($query); // mysql_fetch_assoc gets the value for each field in the row
			$_SESSION['id'] = $row['id']; //creates the first session var
			$_SESSION['username'] = $row['username']; // second session var

			echo "<script type=\"text/javascript\">window.location=\"mainadmin.php\"</script>";	
		}
		else
		{
			//I added $user, $pass to see the forms output.  Output was same as db.
			echo "<script type=\"text/javascript\">
			alert(\"Username and password combination is incorrect! $user, $pass\");
			window.location=\"adminlogin.php\"</script>";   
		}	
	}
	else
	{			
		//this script works fine when I leave a field empty
		echo "<script type=\"text/javascript\">
		alert(\"You need to gimme a username AND password!\");
		window.location=\"adminlogin.php\"</script>";
	}
}
do_html_footer();
?>

Link to comment
https://forums.phpfreaks.com/topic/181822-solved-login-scipt-not-accepting-input/
Share on other sites
bpburrow Member

bpburrow

Posted
  • Author
Posted

I tried with the double quotes and got the following error

 

line 43    $sql="SELECT id,username FROM Admin WHERE "username"='$user' AND "password"='$pass'";

 

 

Parse error: syntax error, unexpected T_STRING in /home/brittao1/public_html/admin/adminlogin.php on line 43

 

 

cags Member

cags

Posted
Posted

Changing the quotes to double quotes will of course break your string as it is delimited by double quotes. As PFMaBiSmAd pointed out, having the name in quotes makes them strings, you should remove them completely. If you have seen querys that appear to work, they are actually using backticks which can be used in MySQL to denote column name, which allows you to use reserved words etc. What your after is...

 

$sql="SELECT id, username FROM Admin WHERE username='$user' AND password='$pass'";

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.