youri Posted June 9, 2011 Share Posted June 9, 2011 Hello, I have a login. Everything works correct, except the password check. I can fill in anything and I Log in. Can anyone help me to check this out? Thanks in advance! <?php session_start(); $username = ($_POST['username']); $password = ($_POST['password']); if ($username&&$password) { $connect=mysql_connect("localhost", "forum", "") or die("Could not connect."); mysql_select_db("name") or die("Couldn't find db"); $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrows = mysql_num_rows($query); if ($numrows!=0) { while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } // check to see if they match if ($username==$dbusername&&sha1(md5($password)==$dbpassword)) { header("location:homee.php"); $_SESSION ['username']=$username; exit; } else echo("Incorrect password!"); include("index.php"); exit; } else echo("that user doesn't exist"); include("index.php"); exit; } else echo("Please enter username and password "); include("index.php"); exit; ?> Quote Link to comment https://forums.phpfreaks.com/topic/238867-php-login/ Share on other sites More sharing options...
dragon_sa Posted June 9, 2011 Share Posted June 9, 2011 try changing this if ($username==$dbusername&&sha1(md5($password)==$dbpassword)) to if ($username==$dbusername&&sha1(md5($password))==$dbpassword) note the movement of one of the brackets in password Quote Link to comment https://forums.phpfreaks.com/topic/238867-php-login/#findComment-1227386 Share on other sites More sharing options...
fugix Posted June 9, 2011 Share Posted June 9, 2011 if that still does not work, try to echo out both the password that is stored in your database, $row['password'], and the encrypted user given password, sha1(md5($password), to make sure you are getting the results that you want from your encryption Quote Link to comment https://forums.phpfreaks.com/topic/238867-php-login/#findComment-1227393 Share on other sites More sharing options...
revraz Posted June 9, 2011 Share Posted June 9, 2011 Another thing to check, make sure you write the password the same way you read it (2 hashes) and also make sure you DB Field length is long enough to hold it. Quote Link to comment https://forums.phpfreaks.com/topic/238867-php-login/#findComment-1227439 Share on other sites More sharing options...
chintansshah Posted June 9, 2011 Share Posted June 9, 2011 Hi youri, I think you should check in your html form also where you have taken password field name. Please confirm element name. This was happened with me. Quote Link to comment https://forums.phpfreaks.com/topic/238867-php-login/#findComment-1227468 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.