unable to login

[nadeem14375]

Dear all,

 

I am new to PHP. here I want to develop a login page. what's wrong in the following page?

 

<?php

include ('/includes/dbConfig.php');

session_start();

// username and password sent from form

$email=$_POST['email'];

$password=md5($_POST['password']);

 

// To protect MySQL injection (more detail about MySQL injection)

$email = mysql_real_escape_string($email);

$password = mysql_real_escape_string($password);

 

$query="SELECT * FROM member_info WHERE email='$email' and password='$password'";

 

$result=mysql_query($query);

 

if (mysql_num_rows($result) != 1) {

//$error = "Bad Login";

echo "Bad Login";

 

}

else

{

header("location:index.php");

}

?>

 

Regards:

Muhammad Nadeem

[jackr1909]

are you using a version of 'php-login-script'

 

Thats probably a database error as the login looks alright, check to see the database corresponds to the query

[WebStyles]

yep. unless I'm missing something, code seems fine to me.

what exactly is the error? you just asked if there was anything wrong but you never told us what was happening when you try to login.

 

are you sure the stored passwords were also encrypted with md5() ? are you sure you're using the correct password?

 

set one of the passwords to 123, remove the md5() line and test again just to be sure.

 

[nadeem14375]

Thanks dear,

it gives error and don't let me to login,

now i remove the md5() and try to insert a row, in database. but it don't insert the password. the column name is password.

the other columns are successfully inserted in table.

 

[WebStyles]

ok, try this:

remove and password='$password' from your $query

then go back to your original code and change this:

if (mysql_num_rows($result) != 1) {
//$error = "Bad Login";
echo "Bad Login";
}

 

for this:

 

if (mysql_num_rows($result) != 1) {
//$error = "Bad Login";
   echo "Bad Login: Cannot find that email";
}else{
   echo "Must be wrong password";
}

 

 

Also, keep in mind that mysql_num_rows($result) != 1 checks to see if the result is 1 row. If that emails exists more than once in the database this will also fail because num_rows will be 2 or more.

Hope this helps

[nadeem14375]

dear,

 

without md5, its ok.

but when i store in database with md5, the i couldn't be able to login, as i mentioned.

 

1. before insertion convert to md5(). the password is now encrypted.

 

2. login time , before selecting from database, md5().

or

only select from database. both don't let me to login.

 

What's the problem?

 

 

ok, try this:

remove and password='$password' from your $query

then go back to your original code and change this:

if (mysql_num_rows($result) != 1) {
//$error = "Bad Login";
echo "Bad Login";
}

 

for this:

 

if (mysql_num_rows($result) != 1) {
//$error = "Bad Login";
   echo "Bad Login: Cannot find that email";
}else{
   echo "Must be wrong password";
}

 

 

Also, keep in mind that mysql_num_rows($result) != 1 checks to see if the result is 1 row. If that emails exists more than once in the database this will also fail because num_rows will be 2 or more.

Hope this helps

[WebStyles]

in that case, I'm guessing your database password field is not long enough for md5 hashes and they're being truncated (cut off) when inserted. You need 32 characters to store an md5 encrypted string.

 

check if password field is varchar (32)