Login Not Working

[Krux20]

Hi,

 

Can someone tell me what's wrong with the code below it doesn't seem to work.

 

Thanks

 

<?php
session_start();
$con = mysqli_connect("");
$user = $_POST["user"];
$pass = $_POST["pass"];
$sql = "SELECT FirstName FROM Customer
WHERE FirstName = \"$user\"
AND Password = MD5(\"$pass\")";

$res = mysqli_query($con, $sql);
if (mysqli_num_rows($res)==1){
$_SESSION["md"] = $user;
header("Location: order.php");
}else{
header("Location: login.php?authorise=false");
}
?>

[ChrisPHP]

Hey,

 

Try using $con=mysql_connect("localhost","root","");

[Krux20]

Hi,

 

It can connect to the database.

[PFMaBiSmAd]

Since you didn't bother to state what symptom or error you get when you run the code, it's not possible to directly help you pin down which of the dozen different things the code or your form could be doing that leads you to believe your code isn't working like you expect.

 

Care to share what happened in front of you when you ran your code?

[ChrisPHP]

Are you sure ur using the "post" right in the previous page?

[Krux20]

Hi,

 

When I try to login with the username and password that is stored in the database. The password is encrypted with MD5. So, when I try to login it goes to the else statement in the php code.

 

<p>Please Login Below If You have An Existing Account</p>
<form action="checklogin.php" method="POST">
<label>Username:</label>
<input type="text" name="user"><br>
<label>Password:</label>
<input type="password" name="pass">
<input type="submit" value="Submit">
</form>

[Andy123]

I never used double quotes in SQL, so I wonder if that could be causing you trouble? Did you try to run the generated query in a database management tool such as phpMyAdmin? You can see if your SQL query gives you any errors like this:

 

if (!mysqli_query($con, "your query")) {
die('Query error: ' . mysqli_error($con));
}

 

I would also look into prepared statements, i.e. binding your parameters.

[Krux20]

Okay, I tried using another table and it seems to be working, but when I try using the Customer table from the database it doesn't work for some reason. The table I tried was in another database.

[PFMaBiSmAd]

I'm going to guess that your password field in the table isn't long enough to hold a the hashed value or the hashing method used when entering the password in the table isn't the same as what you are using in your login code.

 

You actually should hash your password in your php code and put the hashed value into the query (this will prevent a plain-text password from being sent from php to mysql) and it will also allow you to echo/print out the actual complete query so that you can look at the values being put into it and compare them manually with the data you have stored in your database table, which is what you will need to do to find why the query isn't matching a row in your database table.

[Krux20]

Oh, that was silly of me I thought the password field was long enough to hold the hashed value. Thank you everyone for your help.