MerlinJR Posted December 3, 2009 Share Posted December 3, 2009 I'm working on my login system but my code doesn't work. it is always skip the "true" part, so basically dosen't matter if the user and pass I entered is right or wrong it's always said it's wrong. Please help.... <?php session_start(); extract($_POST); $host = 'localhost'; $user_name = ''; $password = ''; $data_base = ''; $connect = @mysqli_connect ($host, $user_name, $password, $data_base)or die('Error connecting to mysql'); $username=$_POST['user']; $password=$_POST['pass']; $query="SELECT * FROM user WHERE username='$username' and pass='$password'"; $result=mysqli_query($query); $count=mysqli_num_rows($result); if($count==1){ $_SESSION['login'] = true; header('location: location: ../main.php'); exit; } $_SESSION['error'] = 'Wrong name or password. Try again.'; header('location: login.php'); ?> Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/ Share on other sites More sharing options...
ManInBlack Posted December 3, 2009 Share Posted December 3, 2009 no my bad. Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970337 Share on other sites More sharing options...
Deoctor Posted December 3, 2009 Share Posted December 3, 2009 have u checked whether u are able to extract the $username and $password correctly. try using an echo before $hostname and see what values ur getting for $username and $password Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970339 Share on other sites More sharing options...
trq Posted December 3, 2009 Share Posted December 3, 2009 You extract $_POST (which is a terrible idea) then override the $password variable within your script. This is indeed one reason why register_globals has been switched off and simply replacing it by extracting $_POST into the global namespace is a bad idea. Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970365 Share on other sites More sharing options...
avario Posted December 3, 2009 Share Posted December 3, 2009 Maybe I am just really stupid but isn't this: $result=mysqli_query($query); meant to be written like this: $result=mysql_query($query); without the i? Or is that just something different? Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970404 Share on other sites More sharing options...
cags Posted December 3, 2009 Share Posted December 3, 2009 mysqli is mysql improved it contains mainly the same functions but under mysqli_ rather than mysql_ Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970406 Share on other sites More sharing options...
Deoctor Posted December 3, 2009 Share Posted December 3, 2009 if u just open ur phpinfo file then it would b something like that shown in the jpg file. if the mysqli mysqli.allow_local_infile is off then u cannot use this one.. if u want to know difference between both u can check it out here.. mysqli is the improved mysql extension for php. they both provide access mysql features. [attachment deleted by admin] Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970411 Share on other sites More sharing options...
trq Posted December 3, 2009 Share Posted December 3, 2009 if the mysqli mysqli.allow_local_infile is off then u cannot use this one.. All that means is you can't use a local ini file for configuration. If mysqli is not installed you wont see anything about it within your phpinfo() output. Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970413 Share on other sites More sharing options...
Jakehh Posted December 3, 2009 Share Posted December 3, 2009 There are two password variables. Quote Link to comment https://forums.phpfreaks.com/topic/183835-login-system/#findComment-970418 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.