Jump to content

Recommended Posts

Hi All,

 

I have currently been working on a login/registration system for a university project and I am now struggling with the login section. The problem is with one particular function and an if statement. The function checks to see if the username and password entered matches the username and password in the database but each time I get it echoing username/password incorrect.

 

the function is

function valid_credentials($user, $pass)
{
$user = mysql_real_escape_string($user);
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT(`user_username`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true : false;
}

 

and the statement is

if (valid_credentials($_POST['username'], $_POST['password']) == false)
{
	$errors = 'Username/Password incorrect.';		
}

 

Any help would be greatly appreciated as this has been bugging me for the past 5 days :/

Link to comment
https://forums.phpfreaks.com/topic/254716-user-login-and-registration-system/
Share on other sites

IF you are using unique id's, might try...

 

function valid_credentials($user, $pass) {
$user = mysql_real_escape_string($user);
$pass1 = sha1($pass);
$query = "SELECT id FROM users WHERE user_username = '$user' AND user_password =  '$pass1'";
$result = mysql_query($query);
if(mysql_num_rows($result)>0) {
	$row = mysql_fetch_array($result);
	return $row['id'];
}else(
	return 0;
)
}

if function returns 0 then no match; otherwise the value will be the id of the match.

 

There's close to a dozen different things that could prevent your code from working, from invalid HTML in your form all the way to a database field that is not long enough to hold a sha1 value.

 

What have you done to narrow down exactly at what point the code, data values, and query that you posted are doing what you expect and exactly at what point they are not? I can guarantee that the problem lies between those two points.

 

Have you checked if $user and $pass values you are putting into the query statement have the values you expect and exactly match a row in your database table? Have you checked if the mysql_query statement is returning a false value (the query failed due to an error of some kind, such as an incorrect column name) or if it is returning a result resource (the query executed without error)? Have you checked what value the mysql_result statement is returning?

 

Short-answer: we don't have access to all your code, your database table definition, the data in your database, or your server. We cannot even tell if the query statement you posted has the correct table and column names in it. After you narrow down the problem to one section of code, you have to check each individual statement/value/query in that section of code to find out what is failing.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.