My Login wont work

[Ungerbla]

I see that.

change

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);

$count = mysql_num_rows ($result);

if($count ==1) {
session_start();
$_SESSION['myusername'] = $_POST['myusername'];
$_SESSION['logged_in'] = true;
header("location:login_success.php");
}
else {
$message = "Wrong Username or Password";
}
}

to

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername'";
$result = mysql_query($sql);
if (mysql_num_rows($result) > 0) {
$data = mysql_fetch_assoc($result);
if ($data['password'] == $mypassword) {
	session_start();
	$_SESSION['myusername'] = $_POST['myusername'];
	$_SESSION['logged_in'] = true;
	header("Location: login_success.php");
} else {
	$message = 'Username/Password combination incorrect';
}
} else {
$message = 'Username/Password combination incorrect';
}

 

You may also want to look into hashing your passwords too.

Look at md5 in the php manual.

 

i did that.. and i got this error:

 

Parse error: parse error in C:\wamp\www\new 2.php on line 52

[Buddski]

Can you show the whole page code again please.

[Ungerbla]

Can you show the whole page code again please.

 

sure!

 

<?php
$message = '';
if (isset($_POST['submit'])) {
$host = "localhost";
$username = "root";
$password = "";
$db_name = "test";
$tbl_name = "members";

mysql_connect ($host, $username, $password) or die ("the server made a boo boo");
mysql_select_db ($db_name) or die (mysql_error () );

$myusername = $_POST ['myusername'];
$mypassword = $_POST ['mypassword'];

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername'";
$result = mysql_query($sql);
if (mysql_num_rows($result) > 0) {
   $data = mysql_fetch_assoc($result);
   if ($data['password'] == $mypassword) {
      session_start();
      $_SESSION['myusername'] = $_POST['myusername'];
      $_SESSION['logged_in'] = true;
      header("Location: login_success.php");
   } else {
      $message = 'Username/Password combination incorrect';
   }
} else {
   $message = 'Username/Password combination incorrect';
}
?>

<html>
<head>
<titel>Main Login Page</titel>
<style type="text/css"> </style>
</head>
<body>

<div id="loginform">
<form method ="post" action="login_success.php"
<label for="username">Username:</label>
<input type"text" name="myusername" id="username" />
<label for="password">Password:</label>
<input type="password" name="mypassword" id="password" />
<input type="submit" name="submit" value="Login" />
<br/>
<?php echo $message; ?>
</form>
</div>
</body>
</html>

[Buddski]

Ive added a few more little checks in there for you aswell..

 

<?php
$message = '';
if (isset($_POST['submit'])) {
$host = "localhost";
$username = "root";
$password = "";
$db_name = "test";
$tbl_name = "members";

mysql_connect ($host, $username, $password) or die ("the server made a boo boo");
mysql_select_db ($db_name) or die (mysql_error () );

$myusername = (isset($_POST['myusername']) ? $_POST['myusername'] : '');
$mypassword = (isset($_POST['mypassword']) ? $_POST['mypassword'] : '');

if (empty($myusername) || empty($mypassword)) {
	$message = 'Username and Password cannot be empty';
} else {
	$sql = "SELECT * FROM $tbl_name WHERE username='$myusername'";
	$result = mysql_query($sql);
	if (mysql_num_rows($result) > 0) {
	   $data = mysql_fetch_assoc($result);
	   if ($data['password'] == $mypassword) {
	      session_start();
	      $_SESSION['myusername'] = $_POST['myusername'];
	      $_SESSION['logged_in'] = true;
	      header("Location: login_success.php");
	   } else {
	      $message = 'Username/Password combination incorrect';
	   }
	} else {
	   $message = 'Username/Password combination incorrect';
	}
}
}
?>

<html>
<head>
<titel>Main Login Page</titel>
<style type="text/css"> </style>
</head>
<body>

<div id="loginform">
<form method ="post" action="login_success.php"
<label for="username">Username:</label>
<input type"text" name="myusername" id="username" />
<label for="password">Password:</label>
<input type="password" name="mypassword" id="password" />
<input type="submit" name="submit" value="Login" />
<br/>
<?php echo $message; ?>
</form>
</div>
</body>
</html>

[Ungerbla]

Buddski

 

you can still login without entering anything in the boxes..

 

i used this tutorial btw..

 

[Buddski]

Gah..

if (empty($myusername) || empty($mypassword)) {

to

if ($myusername == '' || $mypassword == '') {

[Buddski]

I can see what youve done here..

your form action is wrong..

 

it needs to be itself NOT the login_sucess.php

action="login_success.php"

to

action="new 2.php" or whatever the page with the form on is called

[Buddski]

And one other thing..

 

the change I gave you before

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {

should be

if (!isset($_SESSION['logged_in'])) {

on the login_success page.

[Ungerbla]

Buddski

 

Still nothing im affraid...

you can still login and not enter anything in the boxes..

 

culd this be something iv done? culd it be the database or something?

[Buddski]

You made the changes to the form action and the login_success page and it still doesnt work?

You are also missing your closing '>' for your form..

 

I should read more.. getting tired now..

[Ungerbla]

You made the changes to the form action and the login_success page and it still doesnt work?

You are also missing your closing '>' for your form..

 

I should read more.. getting tired now..

 

iv done all the things youv told me to do...

[PFMaBiSmAd]

I recommend posting your current code for both the form page and the login_success page.