Obadiah Posted March 31, 2010 Share Posted March 31, 2010 Hi guys, I need assistance with some code for my login script. I had to redo it because of several changes made to my database. for some reason when I run my login script it doesnot pick up that the password is there(or that it is correct) since my error displays when i submit the user and password. many thanks for your help in advance! the username field in sql is user_id the password field in sql is user_pass here is the array $fields_1 = array("fusername" => "User Name", "fpassword" => "Password" ); $length_1 = array("fusername" => "10", "fpassword" => "10" ); here is my login script <?php /* Program: Login.php */ session_start(); include("functions_main.inc"); $table_name = "users"; $next_program = "home.php"; switch (@$_POST['Button']) { case "Login": $cxn = Connect_to_db("Vars.inc"); $sql = "SELECT user_id FROM $table_name WHERE user_id='$_POST[fusername]'"; $result = mysqli_query($cxn,$sql) or die("Couldn't execute query 1"); $num = mysqli_num_rows($result); if($num == 1) { $sql = "SELECT user_id FROM $table_name WHERE user_id='".mysqli_real_escape_string($cxn,$_POST['fusername'])."' AND user_pass=md5('$_POST[fpassword]')"; $result2 = mysqli_query($cxn,$sql) or die("Couldn't execute query 2."); $row = mysqli_fetch_assoc($result2); if($row) { $_SESSION['auth']="yes"; $_SESSION['logname'] = mysqli_real_escape_string($cxn,$_POST['fusername']); header("Location: $next_program"); } else { /*this is the message that keeps displaying even though the password is correct*/ $message_1="The Login Name, '$_POST[fusername]' exists, but you have not entered the correct password! Please try again.<br>"; extract($_POST); include("fields_login.inc"); include("double_form.inc"); } } elseif ($num == 0) // login name not found { $message_1 = "The User Name you entered does not exist! Please try again.<br>"; include("fields_login.inc"); include("double_form.inc"); } break; case "Register": /* Check for blanks */ foreach($_POST as $field => $value) { if ($field != "fax") { if ($value == "") { $blanks[] = $field; } } } if(isset($blanks)) { $message_2 = "The following fields are blank. Please enter the required information: "; foreach($blanks as $value) { $message_2 .="$value, "; } extract($_POST); include("fields_login.inc"); include("double_form.inc"); exit(); } /* validate data */ foreach($_POST as $field => $value) { if(!empty($value)) { if(eregi("name",$field) and !eregi("user",$field) and !eregi("log",$field)) { if (!ereg("^[A-Za-z' -]{1,50}$",$value)) { $errors[] = "$value is not a valid name."; } } if(eregi("street",$field)or eregi("addr",$field) or eregi("city",$field)) { if(!ereg("^[A-Za-z0-9.,' -]{1,50}$",$value)) { $errors[] = "$value is not a valid address or city."; } } if(eregi("state",$field)) { if(!ereg("[A-Za-z]",$value)) { $errors[] = "$value is not a valid state."; } } if(eregi("email",$field)) { if(!ereg("^.+@.+\\..+$",$value)) { $errors[] = "$value is not a valid email address."; } } if(eregi("zip",$field)) { if(!ereg("^[0-9]{5,5}(\-[0-9]{4,4})?$",$value)) { $errors[] = "$value is not a valid zipcode."; } } if(eregi("phone",$field) or eregi("fax",$field)) { if(!ereg("^[0-9)(xX -]{7,20}$",$value)) { $errors[] = "$value is not a valid phone number. "; } } } } foreach($_POST as $field => $value) { if($field != "Button") { if($field == "password") { $password = strip_tags(trim($value)); } else { $fields[]=$field; $value = strip_tags(trim($value)); $values[] = addslashes($value); $$field = $value; } } } if(@is_array($errors)) { $message_2 = ""; foreach($errors as $value) { $message_2 .= $value." Please try again<br />"; } include("fields_login.inc"); include("double_form.inc"); exit(); } $user_name = $_POST['user_name']; /* check to see if user name already exists */ $cxn = Connect_to_db("Vars.inc"); $sql = "SELECT user_id FROM $table_name WHERE user_id='$user_name'"; $result = mysqli_query($cxn,$sql) or die("Couldn't execute query."); $num = mysqli_num_rows($result); if ($num > 0) { $message_2 = "$user_name already used. Select another User Name."; include("fields_login.inc"); include("double_form.inc"); exit(); } else { $today = date("Y-m-d"); $fields_str = implode(",",$fields); $values_str = implode('","',$values); $fields_str .=",create_date"; $values_str .='"'.",".'"'.$today; $fields_str .=",password"; $values_str .= '"'.","."md5"."('".$password."')"; $sql = "INSERT INTO $table_name "; $sql .= "(".$fields_str.")"; $sql .= " VALUES "; $sql .= "(".'"'.$values_str.")"; mysqli_query($cxn,$sql) or die(mysqli_error($cxn)); $_SESSION['auth']="yes"; $_SESSION['logname'] = $user_name; /* send email to new Customer */ $emess = "You have successfully registered. "; $emess .= "Your new user name and password are: "; $emess .= "\n\n\t$user_name\n\t"; $emess .= "password\n\n"; $emess .= "We appreciate your interest. \n\n"; $emess .= "If you have any questions or problems,"; $emess .= " email [email protected]"; $subj = "Your new customer registration"; #$mailsend=mail("$email","$subj","$emess"); header("Location: $next_program?user='.$user_name"); } break; default: include("fields_login.inc"); include("double_form.inc"); } ?> Link to comment https://forums.phpfreaks.com/topic/197071-password-not-being-recognized-on-login-script/ Share on other sites More sharing options...
rameshfaj Posted March 31, 2010 Share Posted March 31, 2010 why not to try all the core things with a simple mysql query on mysql console: mysql>select *from users_table where username='abcd'; if this returns non-zero entries then there is the entry for the user. mysql>select *from users_table where username="abcd" and password=md5('passwd'); if this returns non-zero rows then the provided username and pwd is eligible for login. Please let me know if need further help. Link to comment https://forums.phpfreaks.com/topic/197071-password-not-being-recognized-on-login-script/#findComment-1034518 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.