ecabrera Posted November 10, 2014 Share Posted November 10, 2014 I can seem to login it tells me to check my password and username but i dont know the username and password are correct here is my whole code <?php //start the sessoin session_start(); //connect to db require "scripts/connect.php"; $username = $_POST['username']; $password = $_POST['password']; $username = mysqli_real_escape_string($db,$username); $password = mysqli_real_escape_string($db,$password); if(isset($_POST['loginbtn'])){ if(!empty($username) && !empty($password)){ //sql command $getstaff = "SELECT * FROM `users` WHERE `username` = '$username'"; //execute the query $query = mysqli_query($db,$getstaff); //get the number of rows $num_rows = mysqli_num_rows($query); if($num_rows != 0){ //get the info $rows = mysqli_fetch_assoc($query); //setting the data in indivaul variables $dbusername = $rows['username']; $dbpassword = $rows['password']; //getting the password the user enter and making it hash //in order for it to match in the database $password = md5($password); if($dbusername === $username && $dbpassword === $password){ //create the session $_SESSION['username'] = $username; //redircet them to the control panel header("location: controlpanel.php"); }else $msg = "Please check your username or password"; }else $msg = "User does not exist"; }else $msg = "Please enter your username and password"; } ?> This is where it is giving me a hard time if($dbusername === $username && $dbpassword === $password){ //create the session $_SESSION['username'] = $username; //redircet them to the control panel header("location: controlpanel.php"); }else $msg = "Please check your username or password"; Any ideas why its not letting me enter Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/ Share on other sites More sharing options...
ginerjm Posted November 10, 2014 Share Posted November 10, 2014 Is it possible that your password is actually being escaped and therefore doesn't match the hashed db password? FYI - it is better to hash your incoming password and then do your query to match on both username and the hashed password (meaning you only store a hashed password) and then check if you got 1 row instead of just checking for username. Actually that could also be your problem if you have multiple uses of a single 'username' value. Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496216 Share on other sites More sharing options...
ecabrera Posted November 10, 2014 Author Share Posted November 10, 2014 This has work for me in the past i dont know why its dont working now Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496221 Share on other sites More sharing options...
ginerjm Posted November 10, 2014 Share Posted November 10, 2014 I gave you two possible reasons. Have you debugged them? Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496227 Share on other sites More sharing options...
ecabrera Posted November 10, 2014 Author Share Posted November 10, 2014 No I think it has to do with a hosting issue because I'm using the same script on another server and it works fine Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496229 Share on other sites More sharing options...
mac_gyver Posted November 10, 2014 Share Posted November 10, 2014 you always have to debug what your code and data are doing in order to find out where the problem is at. i can list a dozen+ different things that would cause your script produce the result it is. do you have php's error_reporting set to E_ALL and either display_errors or log_errors set to ON and have checked for any resulting php errors? have you determined which values in the if(...) statement are causing the comparison to fail? Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496231 Share on other sites More sharing options...
QuickOldCar Posted November 10, 2014 Share Posted November 10, 2014 <?php //error reporting error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); //start the session session_start(); //connect to db require_once("scripts/connect.php"); if (isset($_POST['loginbtn'])) { $errors = array(); if (isset($_POST['username']) && trim($_POST['username']) != '') { $username = mysqli_real_escape_string($db, trim($_POST['username'])); } else { $errors[] = "Missing username"; } if (isset($_POST['password']) && trim($_POST['password']) != '') { $password = mysqli_real_escape_string($db, md5(trim($_POST['password']))); } else { $errors[] = "Missing password"; } if ($username && $password) { $getstaff = "SELECT (username,password) FROM `users` WHERE `username` = '" . $username . "' AND `password` = '" . $password . "'"; if ($result = mysqli_query($db, $getstaff)) { while ($row = mysqli_fetch_row($result)) { //create the session $_SESSION['username'] = $row['username']; //redirect them to the control panel header("Location: controlpanel.php"); exit(); } } else { $errors[] = "No Results"; } } else { $errors[] = "username or password missing"; } } if (!empty($errors)) { foreach ($errors as $error) { echo $error . "<br />"; } } if ($db) { mysqli_close($db); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496232 Share on other sites More sharing options...
ecabrera Posted November 10, 2014 Author Share Posted November 10, 2014 This is whats causing the problem something in this code not letting me in but i don't know what it is if($dbusername === $username && $dbpassword === $password){ session_start(); $_SESSION['username'] = $dbusername; header("location: home.php"); }else $msg = "<p class='message'>Check your email or password.</p>"; Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496251 Share on other sites More sharing options...
ginerjm Posted November 10, 2014 Share Posted November 10, 2014 Then you know what the problem is!! Either the two username vars don't match OR the two password vars don't match. Why don't you echo them out so that you can see what they look like and see if they are what you expect? That's called debugging. Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496253 Share on other sites More sharing options...
ecabrera Posted November 10, 2014 Author Share Posted November 10, 2014 That's the first thing I did and they do match Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496255 Share on other sites More sharing options...
Solution mac_gyver Posted November 10, 2014 Solution Share Posted November 10, 2014 use var_dump() on the values, as that would also show the length, in case there's some non-printing/white-space characters as part of the data. 1 Quote Link to comment https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496257 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.