Login Problem

[Gotharious]

Hello All,

 

I have this problem, no matter if I typed the wrong or right email and password, I always get Login failed message

here is my code

 

index.php

 

<td class="white-text">Email: 
                      <form name="form1" method="post" action="/admin/Login.php">
                        <label for="user"></label>
                        <input type="text" name="email" />
                      </td>
                  </tr>
                  <tr>
                    <td><p><strong class="white-text">Password:</strong></p>  <label for="sdf"></label>
                        <input type="password" name="password" />
                      
                      <p class="sdf"><strong></strong><a href="#" class="white-link-underline"><strong></strong></a>
                        <input type="submit" name="submit" id="submit" value="Submit" />
                      </p>
                      </form>
                      </td>

 

Login.php

 

<?php

session_start();

$con = mysql_connect("localhost","123","123");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("123", $con);

if (isset($_POST['email']))
{
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

//Query

$results = mysql_query("SELECT * FROM users WHERE 'email' = '$email' AND password = '$password' ");

if(!$result) {
$_SESSION['error'] = '<span style="color: red">Login Failed. Email or Password is Incorrect <br/>';	
} else {
         
	$row = mysql_fetch_assoc($results);
	$_SESSION['userid'] = $row['id'];
	$_SESSION['email'] = $email;
	$_SESSION['error'] = 'Login Successful<br/>. Welcome,'. $email;	

}
mysql_close($con);

}

header('Location: ./index.php')
?>

[Pikachu2000]

Your result resource is stored in $results, but your're checking for it in $result.

 

However, the logic you're using is faulty. The way the code is currently written, as long as the query doesn't fail, the user is considered logged in. A query that runs but returns an empty results set is not a failed query, so as long as the query executes, it doesn't matter if the username and password even exist in the database, the user will be given the logged in message and redirected.

 

It would also be a good idea to stop embedding the query string inside mysql_query(). Assign it to a variable and use the variable to execute the query. Then when you have query failures, you can echo/log the query string along with the error message returned by mysql_error().

[Gotharious]

Ok I tried using session_register, but now, instead of always unable to login, it now always logged in, then after a few tried it's always wrong username and password

 

if (isset($_POST['email']))
{
$email = $_POST['email'];
$password = $_POST['password'];

//Query

$results = mysql_query("SELECT * FROM users WHERE email = '$email' AND password = '$password' ");

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("email");
session_register("password"); 
header("location:index.php");
}
else {
echo "Wrong Username or Password";
}

mysql_close($con);

}

?>

 

index.php

 

<? 
session_start();
if(!session_is_registered(password)){
header("location:logout.php");
}
?>


Login Successful <a href="Users.php">Conitnue</a>

[Gotharious]

DonE

fixed

 

the problem in my last reply was that I forgot to add the line that counts the number of rows

 

<?php
$count=mysql_num_rows($results);

?>

 

When I added that line, it worked perfectly

 

[Pikachu2000]

session_register and session_is_registered are both deprecated.