login query

simmsy · August 19, 2012

Hi I have login query, pretty simple code but keeps coming up with wrong password even though I know its correct, any ideas?

thanks

<?php

include "connect.php";

$username = mysql_real_escape_string($_POST['username']);

$password = md5($_POST['password']);

$login="SELECT * FROM users WHERE username='$username' and password='$password'";

$result=mysql_query($login);

$count=mysql_num_rows($result);

if($count==1){

session_register("username");

session_register("password");

header("location: index.php");

}else{

echo "Wrong Username or Password";

}

?>

Drongo_III · August 19, 2012

Are you quite sure your connection is working?

or

Are you sure there isn't more than one row in your table that matches your criteria? Therefore your $result actually contains 2+? Because you're specifically looking for 1 in your if statement.

To test that you could just do:

if($count >0){

}

or

Are you quite sure your password is actually stored as an MD5?

Just a thought.

floridaflatlander · August 19, 2012

I think session_register is deprecated. Use $_SESSION['thing'] = 'thing';

Also why put the password in a session?

And what Drongo_III said.

Are you quite sure your password is actually stored as an MD5?

simmsy · August 19, 2012

Yea I tried this and comes up with wrong username or password, but when I removed the password from select it found the username so its something to do with the password but unsure what? thanks

<?php

include "connect.php";

$username = mysql_real_escape_string($_POST['username']);

$password = md5($_POST['password']);

$login="SELECT * FROM users WHERE username='$username' and password='$password'";

$result=mysql_query($login);

$count=mysql_num_rows($result);

if($count >0){

header("location: index.php");

}else{

echo "Wrong Username or Password";

}

?>

NLT · August 19, 2012

Yea I tried this and comes up with wrong username or password, but when I removed the password from select it found the username so its something to do with the password but unsure what? thanks

<?php

include "connect.php";

$username = mysql_real_escape_string($_POST['username']);

$password = md5($_POST['password']);

$login="SELECT * FROM users WHERE username='$username' and password='$password'";

$result=mysql_query($login);

$count=mysql_num_rows($result);

if($count >0){

header("location: index.php");

}else{

echo "Wrong Username or Password";

}

?>

Are you using md5 when you register?

If not, then you need to md5 your password. You can use md5 or you can use one online.

If you have, then have you tried to echo the plain text of $_POST['password']?

simmsy · August 19, 2012

I just tried echoing the md5($_POST['password']) and it is the same as the in the mysql from signup, so this is correct but still not being able to find it from the table? this is my registration code

<?php

include "connect.php";

$username = mysql_real_escape_string($_POST['username']);

$password = md5($_POST['password']);

$repassword = md5($_POST['re-password']);

$email = mysql_real_escape_string($_POST['email']);

if ($password==$repassword){

mysql_query("INSERT INTO users (username, password, email)

VALUES ('$username', '$password','$email')");

echo "Sucess";

}else{

echo "Passwords do not match";

}

mysql_close();

?>

Christian F. · August 19, 2012

Simmy: Please use the

tags when posting code, as it'll help make both your post and your code a lot easier to read. Thank you.

Not to mention, I strongly recommend reading the following article, and reading it until you understand it fully:

http://www.openwall.com/articles/PHP-Users-Passwords

Before anyone asks/comments: Yes, it is necessary. Just consider how many places you use the same username and password, and what could happen if anyone got them?

Drongo_III · August 19, 2012

Don't know if the case of your query makes any difference but as a long shot you could could change the WHERE clause so that it actually says "AND password=' " instead of "and password=' "

Maybe...

Edit: scratch that...they aren;t case senstive

floridaflatlander · August 19, 2012

...... but still not being able to find it from the table?

What does this mean? How big is your table? If it is big can you use phpmyadmin to look up the username to view the hashed password to see if they match.

This is good but do this later, first thing first.

Not to mention, I strongly recommend reading the following article, and reading it until you understand it fully:

http://www.openwall.com/articles/PHP-Users-Passwords

PFMaBiSmAd · August 19, 2012

What is the length of your password field in your database table?

simmsy · August 19, 2012

yea the hashed passwords match and used length of 30 password but only used a 5 letter word to test

floridaflatlander · August 19, 2012

... only used a 5 letter word to test

That doesn't matter, md5 will make the hashed pw string 32 charters long.

If your db table is only allowing 30 or less charactors it's cutting 2 off.

simmsy · August 19, 2012

Yea that was the problem thanks alot for that can carry on with it now

Sign In

login query

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information