
Issue with php/mysql login script


ash992


Hi everyone, so I programmed this login script a long time ago for a website I had. I'm now trying to reuse it and I can't get it to work. I've tried replacing everything and testing things. I've found one problem, but as far as I know the problem shouldn't be happening. Here's the code.

<?php
include 'connect.php';
session_start();
$email = ($_POST['email']);
$pass = ($_POST['password']);

//check missing data
if($email == ''){
    $_SESSION['errorsec'] = "Please enter an email address!";
    header('Location: ../Checkout');
    die();
}
if($pass == ''){
    $_SESSION['errorsec'] = "Please enter a password!";
    header('Location: ../Checkout');
    die();
}

//Create query
$qry="SELECT * FROM Customers WHERE Email='$email' AND Password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {

        //Login Successful
        echo 'temp';
        die();
    }else{

        //Login failed
        $_SESSION['errorsec'] = "Invalid email address or password";
        header('Location: ../Checkout');
        die();
}else {
    die("Query failed");
}

?>




 

 

 

First of all, I know that the email and password are being taken from the forms correctly, as I've tried echoing them both. However, the issue that I've found is that even when the password and username are entered correctly,

mysql_num_rows($result)

is still equal to 0. Now, I'm pretty bad with MySQL, hence reusing a script from a long time ago, but I have no idea what's going wrong really.

Any help would be much appreciated!

Thanks a lot in advance.


So you're not getting any errors? The code posted is missing a curly bracket:

<?php
     }else{
          //Login failed
          $_SESSION['errorsec'] = "Invalid email address or password";
          header('Location: ../Checkout');
          die();
     }  //<-- I added this bracket
 
}else {
     die("Query failed");
}
?>

If you don't see any errors, have you tried using mysql_error() to see if there are any MySQL errors? Note that the function needs to be called after the query is processed.

yeah I added the curly bracket, I just mis-copied the code :(

 

erm well the error I'm getting is the output of 

//Login failed
$_SESSION['errorsec'] = "Invalid email address or password";
header('Location: ../Checkout');
die();

however if I put something to test the conditional statements' success, like by just echoing something there,

then the

if($result) {

is passed fine when the login details are correct, 

 

however the 

if(mysql_num_rows($result) == 1) {

doesn't work as mysql_num_rows($result) currently equals 0, even though the correct email and password are in the mysql database :s 

Is the password stored in the database hashed with md5()? You need to use the same hashing function.

 

Side notes:

  • mysql_ functions have been deprecated. You'll need to start looking into the alternatives. I would link to the PHP manual, but Google says there is harmful content on that website. Instead you can search Google for MySQLi and/or PDO.
  • When querying a database, you need to escape any information which comes from an untrusted source such as a form. Fields can be escaped with mysql_real_escape_string().

Did you try adding the mysql_error after the query is processed? Note that you'll need to comment out the header redirect so you can see any errors produced by PHP.

 

 

//Login failed
$_SESSION['errorsec'] = "Invalid email address or password";
//header('Location: ../Checkout');  //<-- COMMENT OUT THIS LINE
}else {


echo 'it didn\'t work';
mysql_error();
die();
//Login failed
//$_SESSION['errorsec'] = "Invalid email address or password";
//header('Location: ../Checkout');
//die();
}

there is no output when I changed it to that :\ not really sure if I was echoing the mysql error correctly as I've never used it, I'm just seeing if there's an alternative to the mysql_num_rows($result) as I believe that's the issue though I haven't found anything yet

}else {
echo $email;
echo $pass;
echo md5($pass);
echo 'it didn\'t work';
echo mysql_error();
//Login failed
//$_SESSION['errorsec'] = "Invalid email address or password";
//header('Location: ../Checkout');
//die();
}

weirdly all of these are outputting the correct thing, still the only thing that's not working is the mysql_num_rows($result) is equal to 0 instead of 1, that would usually mean that it can't find the correct username and password in the customers database, however I have the mysql database opened and they're both there and correspond exactly with the inputs.. :s

You need to check if the row in the database contains exactly the username and the complete matching hash value that you get when you echo the query in $qry.

A common problem is your password field in the database table isn't long enough to hold the complete hash value. Another possibility is when you initially inserted the row, you ended up with some white-space before/after the value(s).
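
The two suggestions in the replies above (query through MySQLi/PDO instead of building SQL from form input, and check that the stored hash is complete and free of stray whitespace), combined in one sketch. This is an added example, not code from the thread: it assumes PDO with the SQLite driver so it runs without a server, swaps md5() for PHP's password_hash()/password_verify(), and the checkLogin() helper, rows and addresses are constructed for illustration.

```php
<?php
// Added example, not code from the thread; all rows and addresses are constructed.
// In-memory SQLite keeps it offline; the same PDO calls work with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Customers (Email TEXT PRIMARY KEY, Password TEXT)');

// One intact hash, one cut to 20 characters (what a too-short column stores),
// and one with a trailing space left over from the original insert.
$hash = password_hash('s3cret-example', PASSWORD_DEFAULT);
$ins = $pdo->prepare('INSERT INTO Customers (Email, Password) VALUES (?, ?)');
$ins->execute(['ok@example.test', $hash]);
$ins->execute(['short@example.test', substr($hash, 0, 20)]);
$ins->execute(['space@example.test', $hash . ' ']);

function checkLogin(PDO $pdo, string $email, string $password): string
{
    // The placeholder sends the form value as data, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT Password FROM Customers WHERE Email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 'no row for this email';
    }
    if (password_verify($password, $stored)) {
        return 'login ok';
    }
    // Verification failed: rule out the two storage problems named in the thread.
    if ($stored !== trim($stored)) {
        return 'stored hash has leading/trailing whitespace';
    }
    if (password_get_info($stored)['algoName'] === 'unknown') {
        return 'stored hash is incomplete (' . strlen($stored) . ' characters)';
    }
    return 'wrong password';
}

$attempts = [
    ['ok@example.test', 's3cret-example'],
    ['ok@example.test', 'not-the-password'],
    ['short@example.test', 's3cret-example'],
    ['space@example.test', 's3cret-example'],
    ["ok@example.test' OR '1'='1", 'anything'],
];
foreach ($attempts as [$email, $password]) {
    printf("%-28s %s\n", $email, checkLogin($pdo, $email, $password));
}
```

On a real login page, write the diagnostic strings to a log and show the visitor only the generic "Invalid email address or password" message the original script already uses.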

Archived

This topic is now archived and is closed to further replies.
