Killer1390 Posted December 13, 2010 Share Posted December 13, 2010 Well, basically I am making my log in script. This is my first website with php and MySQL... actually, its my first website I have done that isn't for a school project. Anywho, the problem I am having is I can't seem to verify the password of the account I am trying to log into. Here is the code snippet I am having trouble with: $usr = $_REQUEST['Username']; $pass = $_REQUEST['Password']; $pass = md5($pass); if(mysql_query('SELECT Password FROM Accounts WHERE Username = "' .$usr . '"') == $pass) { session_start(); $_SESSION['loggedin'] = yes; $_SESSION['User'] = $usr; $_POST['info'] = ("You have successfully logged in " . $usr . "."); } else { $_POST['info'] = "Username and password do not match.";} The problem is that it doesn't seem to matter if the username and password are correct, it always prints "Username and password do not match.". So, here is the table layout of 'Accounts': Did I type the mysql query wrong? Link to comment https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/ Share on other sites More sharing options...
requinix Posted December 13, 2010 Share Posted December 13, 2010 if(mysql_query('SELECT Password FROM Accounts WHERE Username = "' .$usr . '"') == $pass) That's not how it works. mysql_query returns a resource; give that resource to a function like mysql_fetch_array to get a row of data back (as an array). Then look at the ["Password"] to get your value. Link to comment https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/#findComment-1146472 Share on other sites More sharing options...
Killer1390 Posted December 13, 2010 Author Share Posted December 13, 2010 Thanks man, it worked. Link to comment https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/#findComment-1146477 Share on other sites More sharing options...
JD* Posted December 13, 2010 Share Posted December 13, 2010 You're most of the way there, check this against your and see if you can get it to work: $result = mysql_query("SELECT password FROM Accounts WHERE Username = '".$_POST['Username']."'") or die(mysql_error()); if(mysql_num_rows($result) != 1) { echo "No such user exists"; unset($_POST); exit(); } if(md5($_POST['Password']) == mysql_result($result, 0, "Password")) { $_SESSION['loggedin'] = yes; $_SESSION['User'] = $usr; $_SESSION['message']= "You have successfully logged in " . $usr; } else { $_SESSION['message'] = "Username and password do not match."; UNSET($_POST); } Try not to use $_REQUEST, it's better to use $_POST and $_GET Link to comment https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/#findComment-1146480 Share on other sites More sharing options...
Killer1390 Posted December 13, 2010 Author Share Posted December 13, 2010 Thanks dude . Why is $_REQUEST taboo? I am guessing it takes more processing time than $_GET or $_POST. Link to comment https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/#findComment-1146481 Share on other sites More sharing options...
laffin Posted December 13, 2010 Share Posted December 13, 2010 REQUEST can be either POST/GET, so a person may overwrite the outcome of one with the other. creating a security hole that wasnt intended. Link to comment https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/#findComment-1146484 Share on other sites More sharing options...
Killer1390 Posted December 13, 2010 Author Share Posted December 13, 2010 Lol, oh. Thanks . Link to comment https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/#findComment-1146486 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.