Gotharious Posted November 5, 2011 Share Posted November 5, 2011 Hello All, I have this problem, no matter if I typed the wrong or right email and password, I always get Login failed message here is my code index.php <td class="white-text">Email: <form name="form1" method="post" action="/admin/Login.php"> <label for="user"></label> <input type="text" name="email" /> </td> </tr> <tr> <td><p><strong class="white-text">Password:</strong></p> <label for="sdf"></label> <input type="password" name="password" /> <p class="sdf"><strong></strong><a href="#" class="white-link-underline"><strong></strong></a> <input type="submit" name="submit" id="submit" value="Submit" /> </p> </form> </td> Login.php <?php session_start(); $con = mysql_connect("localhost","123","123"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("123", $con); if (isset($_POST['email'])) { $email = mysql_real_escape_string($_POST['email']); $password = mysql_real_escape_string($_POST['password']); //Query $results = mysql_query("SELECT * FROM users WHERE 'email' = '$email' AND password = '$password' "); if(!$result) { $_SESSION['error'] = '<span style="color: red">Login Failed. Email or Password is Incorrect <br/>'; } else { $row = mysql_fetch_assoc($results); $_SESSION['userid'] = $row['id']; $_SESSION['email'] = $email; $_SESSION['error'] = 'Login Successful<br/>. Welcome,'. $email; } mysql_close($con); } header('Location: ./index.php') ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 5, 2011 Share Posted November 5, 2011 Your result resource is stored in $results, but your're checking for it in $result. However, the logic you're using is faulty. The way the code is currently written, as long as the query doesn't fail, the user is considered logged in. A query that runs but returns an empty results set is not a failed query, so as long as the query executes, it doesn't matter if the username and password even exist in the database, the user will be given the logged in message and redirected. It would also be a good idea to stop embedding the query string inside mysql_query(). Assign it to a variable and use the variable to execute the query. Then when you have query failures, you can echo/log the query string along with the error message returned by mysql_error(). Quote Link to comment Share on other sites More sharing options...
Gotharious Posted November 5, 2011 Author Share Posted November 5, 2011 Ok I tried using session_register, but now, instead of always unable to login, it now always logged in, then after a few tried it's always wrong username and password if (isset($_POST['email'])) { $email = $_POST['email']; $password = $_POST['password']; //Query $results = mysql_query("SELECT * FROM users WHERE email = '$email' AND password = '$password' "); if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("email"); session_register("password"); header("location:index.php"); } else { echo "Wrong Username or Password"; } mysql_close($con); } ?> index.php <? session_start(); if(!session_is_registered(password)){ header("location:logout.php"); } ?> Login Successful <a href="Users.php">Conitnue</a> Quote Link to comment Share on other sites More sharing options...
Gotharious Posted November 5, 2011 Author Share Posted November 5, 2011 DonE fixed the problem in my last reply was that I forgot to add the line that counts the number of rows <?php $count=mysql_num_rows($results); ?> When I added that line, it worked perfectly Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 5, 2011 Share Posted November 5, 2011 session_register and session_is_registered are both deprecated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.