Jump to content

Recommended Posts

Hi,

 

Can someone tell me what's wrong with the code below it doesn't seem to work.

 

Thanks

 





<?php
session_start();
$con = mysqli_connect("");
$user = $_POST["user"];
$pass = $_POST["pass"];
$sql = "SELECT FirstName FROM Customer
WHERE FirstName = \"$user\"
AND Password = MD5(\"$pass\")";

$res = mysqli_query($con, $sql);
if (mysqli_num_rows($res)==1){
$_SESSION["md"] = $user;
header("Location: order.php");
}else{
header("Location: login.php?authorise=false");
}
?>












Edited by Krux20
Link to comment
https://forums.phpfreaks.com/topic/271780-login-not-working/
Share on other sites

Since you didn't bother to state what symptom or error you get when you run the code, it's not possible to directly help you pin down which of the dozen different things the code or your form could be doing that leads you to believe your code isn't working like you expect.

 

Care to share what happened in front of you when you ran your code?

Link to comment
https://forums.phpfreaks.com/topic/271780-login-not-working/#findComment-1398357
Share on other sites

Hi,

 

When I try to login with the username and password that is stored in the database. The password is encrypted with MD5. So, when I try to login it goes to the else statement in the php code.

 

<p>Please Login Below If You have An Existing Account</p>
<form action="checklogin.php" method="POST">
<label>Username:</label>
<input type="text" name="user"><br>
<label>Password:</label>
<input type="password" name="pass">
<input type="submit" value="Submit">
</form>

Edited by Krux20
Link to comment
https://forums.phpfreaks.com/topic/271780-login-not-working/#findComment-1398361
Share on other sites

I never used double quotes in SQL, so I wonder if that could be causing you trouble? Did you try to run the generated query in a database management tool such as phpMyAdmin? You can see if your SQL query gives you any errors like this:

 


if (!mysqli_query($con, "your query")) {
die('Query error: ' . mysqli_error($con));
}

 

I would also look into prepared statements, i.e. binding your parameters.

Link to comment
https://forums.phpfreaks.com/topic/271780-login-not-working/#findComment-1398362
Share on other sites

I'm going to guess that your password field in the table isn't long enough to hold a the hashed value or the hashing method used when entering the password in the table isn't the same as what you are using in your login code.

 

You actually should hash your password in your php code and put the hashed value into the query (this will prevent a plain-text password from being sent from php to mysql) and it will also allow you to echo/print out the actual complete query so that you can look at the values being put into it and compare them manually with the data you have stored in your database table, which is what you will need to do to find why the query isn't matching a row in your database table.

Link to comment
https://forums.phpfreaks.com/topic/271780-login-not-working/#findComment-1398365
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.