Issue with php/mysql login script


ash992
Go to solution Solved by mac_gyver,

Hi everyone, so I programmed this login script a long time ago for a website I had. I'm now trying to reuse it and I can't get it to work. I've tried replacing everything and testing things. I've found one problem, but as far as I know the problem shouldn't be happening. Here's the code.

<?php
include 'connect.php';
session_start();
$email = ($_POST['email']);
$pass = ($_POST['password']);

//check missing data
if($email == ''){
$_SESSION['errorsec'] = "Please enter an email address!";
header('Location: ../Checkout');
die();
}
if($pass == ''){
$_SESSION['errorsec'] = "Please enter a password!";
header('Location: ../Checkout');
die();
}

//Create query
$qry="SELECT * FROM Customers WHERE Email='$email' AND Password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {

//Login Successful
echo 'temp';
die();
}else{

//Login failed
$_SESSION['errorsec'] = "Invalid email address or password";
header('Location: ../Checkout');
die();
}else {
die("Query failed");
}

?>

First of all, I know that the email and password are being taken from the forms correctly, as I've tried echoing them both. However, the issue that I've found is that even when the password and username are entered correctly,

mysql_num_rows($result)

is still equal to 0. Now, I'm pretty bad with MySQL, hence reusing a script from a long time ago, but I have no idea what's going wrong really.

Any help would be much appreciated!

Thanks a lot in advance.

Edited by ash992

So you're not getting any errors? The code posted is missing a curly bracket:

<?php
     }else{
          //Login failed
          $_SESSION['errorsec'] = "Invalid email address or password";
          header('Location: ../Checkout');
          die();
     }  //<-- I added this bracket
 
}else {
     die("Query failed");
}
?>

If you don't see any errors, have you tried using mysql_error() to see if there are any MySQL errors? Note that the function needs to be called after the query is processed.


Yeah, I added the curly bracket, I just mis-copied the code :(

Erm, well, the error I'm getting is the output of

//Login failed
$_SESSION['errorsec'] = "Invalid email address or password";
header('Location: ../Checkout');
die();

However, if I put something to test the conditional statements' success, like by just echoing something there, then the

if($result) {

is passed fine when the login details are correct,

however the

if(mysql_num_rows($result) == 1) {

doesn't work, as mysql_num_rows($result) currently equals 0, even though the correct email and password are in the mysql database :s


Is the password stored in the database hashed with md5()? You need to use the same hashing function.

Side notes:

  • mysql_ functions have been deprecated. You'll need to start looking into the alternatives. I would link to the PHP manual, but Google says there is harmful content on that website. Instead you can search Google for MySQLi and/or PDO.
  • When querying a database, you need to escape any information which comes from an untrusted source such as a form. Fields can be escaped with mysql_real_escape_string().
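Added example (not part of the thread): the side notes above point to MySQLi/PDO and to escaping form input. With PDO the same lookup can be written as a prepared statement, so form values never become part of the SQL text. The function name find_customer, the in-memory SQLite database and the sample row are constructed for illustration; table and column names follow the first post.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// first post; find_customer(), the SQLite database and the row are constructed.

function find_customer(PDO $db, string $email, string $password): ?array
{
    // Placeholders keep the form values out of the SQL text, so quotes in
    // the input are treated as data and no escaping function is needed.
    $stmt = $db->prepare(
        'SELECT Email FROM Customers WHERE Email = :email AND Password = :hash'
    );
    // md5() is kept only to match the thread's schema; password_hash() and
    // password_verify() are the PHP functions intended for password storage.
    $stmt->execute([':email' => $email, ':hash' => md5($password)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently (the role mysql_error()
// plays in the thread).
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Customers (Email TEXT, Password CHAR(32))');

$insert = $db->prepare('INSERT INTO Customers (Email, Password) VALUES (?, ?)');
$insert->execute(["o'brien@example.com", md5('correct horse')]);

// An apostrophe in the address would break the concatenated query from the
// first post; with a prepared statement it is matched like any other value.
$attempts = [
    ["o'brien@example.com", 'correct horse'],
    ["o'brien@example.com", 'wrong password'],
    ['nobody@example.com',  'correct horse'],
];
foreach ($attempts as [$email, $password]) {
    $found = find_customer($db, $email, $password) !== null;
    printf("%-22s %-16s %s\n", $email, $password, $found ? 'login ok' : 'login failed');
}
```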

Yeah, it is stored with md5, but it's also checked with md5, so it should be fine.

I'll try looking at the mysqli and pdo stuff you mentioned though :) Thanks,

Also thanks for showing me the mysql_real_escape_string();

I'd never even heard of it :)


Did you try adding the mysql_error after the query is processed? Note that you'll need to comment out the header redirect so you can see any errors produced by PHP.

//Login failed
$_SESSION['errorsec'] = "Invalid email address or password";
//header('Location: ../Checkout');  //<-- COMMENT OUT THIS LINE

}else {


echo 'it didn\'t work';
mysql_error();
die();
//Login failed
//$_SESSION['errorsec'] = "Invalid email address or password";
//header('Location: ../Checkout');
//die();
}

There is no output when I changed it to that :\ Not really sure if I was echoing the mysql error correctly, as I've never used it. I'm just seeing if there's an alternative to the mysql_num_rows($result), as I believe that's the issue, though I haven't found anything yet.


}else {
echo $email;
echo $pass;
echo md5($pass);
echo 'it didn\'t work';
echo mysql_error();
//Login failed
//$_SESSION['errorsec'] = "Invalid email address or password";
//header('Location: ../Checkout');
//die();
}

Weirdly, all of these are outputting the correct thing. Still, the only thing that's not working is that mysql_num_rows($result) is equal to 0 instead of 1. That would usually mean that it can't find the correct username and password in the customers database; however, I have the mysql database opened and they're both there and correspond exactly with the inputs.. :s

Edited by ash992

  • Solution

You need to check if the row in the database contains exactly the username and the complete matching hash value that you get when you echo the query in $qry.

A common problem is your password field in the database table isn't long enough to hold the complete hash value. Another possibility is when you initially inserted the row, you ended up with some white-space before/after the value(s).

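Added example (not part of the thread): the two causes named in the solution, a column too short for the 32-character md5() value and white-space around the stored value, can be told apart by comparing the stored string with the hash PHP computes. The function name diagnose_stored_hash and the sample values are hypothetical.

```php
<?php
// Added example, not code from the thread. diagnose_stored_hash() and the
// sample "stored" values below are constructed for illustration.

function diagnose_stored_hash(string $stored, string $password): array
{
    $expected = md5($password);   // 32 hex characters, as built into $qry
    if ($stored === $expected) {
        return ['exact match'];
    }

    $findings = [];
    $trimmed  = trim($stored);
    if ($trimmed !== $stored) {
        $findings[] = 'white-space before/after the stored value';
    }

    if ($trimmed !== $expected) {
        $len = strlen($trimmed);
        // A stored value that is a proper prefix of the expected hash means
        // the column cut the hash off when the row was inserted.
        $isPrefix = $len > 0 && $len < 32
            && strncmp($expected, $trimmed, $len) === 0;
        $findings[] = $isPrefix
            ? "truncated to $len of 32 characters (column too short)"
            : 'not the md5() of this password';
    }
    return $findings;
}

// Constructed values standing in for what a SELECT on the Password column
// might return for the same customer.
$hash = md5('secret');
$stored = [
    'as hashed'     => $hash,
    'padded insert' => ' ' . $hash . "\n",
    'CHAR(20) col'  => substr($hash, 0, 20),
    'padded + cut'  => ' ' . substr($hash, 0, 20),
    'other value'   => md5('something else'),
];

foreach ($stored as $label => $value) {
    printf("%-14s %s\n", $label, implode('; ', diagnose_stored_hash($value, 'secret')));
}
```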
