Jump to content

A simple question with mysql


Killer1390

Recommended Posts

Well, basically I am making my log in script. This is my first website with php and MySQL... actually, its my first website I have done that isn't for a school project.

 

Anywho, the problem I am having is I can't seem to verify the password of the account I am trying to log into.

 

Here is the code snippet I am having trouble with:

$usr = $_REQUEST['Username'];
$pass = $_REQUEST['Password'];
$pass = md5($pass);
if(mysql_query('SELECT Password FROM Accounts WHERE Username = "' .$usr . '"') == $pass)
{
session_start();
$_SESSION['loggedin'] = yes;
$_SESSION['User'] = $usr;
$_POST['info'] = ("You have successfully logged in " . $usr . ".");
} else { $_POST['info'] = "Username and password do not match.";}

 

The problem is that it doesn't seem to matter if the username and password are correct, it always prints "Username and password do not match.".

 

So, here is the table layout of 'Accounts':

thing.png

 

Did I type the mysql query wrong?

 

 

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/221466-a-simple-question-with-mysql/
Share on other sites

if(mysql_query('SELECT Password FROM Accounts WHERE Username = "' .$usr . '"') == $pass)

That's not how it works. mysql_query returns a resource; give that resource to a function like mysql_fetch_array to get a row of data back (as an array). Then look at the ["Password"] to get your value.

You're most of the way there, check this against your and see if you can get it to work:

 

$result = mysql_query("SELECT password FROM Accounts WHERE Username = '".$_POST['Username']."'") or die(mysql_error());			
if(mysql_num_rows($result) != 1) { echo "No such user exists"; unset($_POST); exit(); }
if(md5($_POST['Password']) == mysql_result($result, 0, "Password"))
{
$_SESSION['loggedin'] = yes;	
$_SESSION['User'] = $usr;
$_SESSION['message']= "You have successfully logged in " . $usr;
} else { 
$_SESSION['message'] = "Username and password do not match.";
UNSET($_POST);
}

 

Try not to use $_REQUEST, it's better to use $_POST and $_GET

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.