Jump to content

Not Logging In


Go to solution Solved by mac_gyver,

Recommended Posts

I can seem to login it tells me to check my password and username but i dont know the username and password are correct

here is my whole code 

<?php
	//start the sessoin
	session_start();
	
	//connect to db
	require "scripts/connect.php";
	
	$username = $_POST['username'];
	$password = $_POST['password'];
	
	$username = mysqli_real_escape_string($db,$username);
	$password = mysqli_real_escape_string($db,$password);

	if(isset($_POST['loginbtn'])){

	if(!empty($username) && !empty($password)){
	
	//sql command
	$getstaff = "SELECT * FROM `users` WHERE `username` = '$username'";
	
	//execute the query 
	$query = mysqli_query($db,$getstaff);
	
	//get the number of rows
	$num_rows = mysqli_num_rows($query);
	
	if($num_rows != 0){
	
	//get the info
	$rows = mysqli_fetch_assoc($query);
	
	//setting the data in indivaul variables
	$dbusername = $rows['username'];
	$dbpassword = $rows['password'];
	
	//getting the password the user enter and making it hash
	//in order for it to match in the database
	$password = md5($password);

	if($dbusername === $username && $dbpassword === $password){
	
		//create the session
		$_SESSION['username'] = $username;
		//redircet them to the control panel
		header("location: controlpanel.php");
	
	}else
		$msg = "Please check your username or password";
	}else
		$msg = "User does not exist";
	}else
		$msg = "Please enter your username and password";
	}
?>

This is where it is giving me a hard time


	if($dbusername === $username && $dbpassword === $password){
	
		//create the session
		$_SESSION['username'] = $username;
		//redircet them to the control panel
		header("location: controlpanel.php");
	
	}else
		$msg = "Please check your username or password";

Any ideas why its not letting me enter

Link to comment
https://forums.phpfreaks.com/topic/292387-not-logging-in/
Share on other sites

Is it possible that your password is actually being escaped and therefore doesn't match the hashed db password?

 

FYI - it is better to hash your incoming password and then do your query to match on both username and the hashed password (meaning you only store a hashed password) and then check if you got 1 row instead of just checking for username.  Actually that could also be your problem if you have multiple uses of a single 'username' value.

Link to comment
https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496216
Share on other sites

you always have to debug what your code and data are doing in order to find out where the problem is at. i can list a dozen+ different things that would cause your script produce the result it is.

 

do you have php's error_reporting set to E_ALL and either display_errors or log_errors set to ON and have checked for any resulting php errors?

 

have you determined which values in the if(...) statement are causing the comparison to fail?

Link to comment
https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496231
Share on other sites


<?php
//error reporting
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

//start the session
session_start();

//connect to db
require_once("scripts/connect.php");

if (isset($_POST['loginbtn'])) {

$errors = array();

if (isset($_POST['username']) && trim($_POST['username']) != '') {

$username = mysqli_real_escape_string($db, trim($_POST['username']));

} else {

$errors[] = "Missing username";

}

if (isset($_POST['password']) && trim($_POST['password']) != '') {

$password = mysqli_real_escape_string($db, md5(trim($_POST['password'])));

} else {

$errors[] = "Missing password";

}

if ($username && $password) {

$getstaff = "SELECT (username,password) FROM `users` WHERE `username` = '" . $username . "' AND `password` = '" . $password . "'";

if ($result = mysqli_query($db, $getstaff)) {
while ($row = mysqli_fetch_row($result)) {
//create the session
$_SESSION['username'] = $row['username'];
//redirect them to the control panel
header("Location: controlpanel.php");
exit();
}

} else {
$errors[] = "No Results";
}

} else {

$errors[] = "username or password missing";

}

}

if (!empty($errors)) {
foreach ($errors as $error) {
echo $error . "<br />";
}
}

if ($db) {
mysqli_close($db);
}
?>
Link to comment
https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496232
Share on other sites

This is whats causing the problem something in this code not letting me in but i don't know what it is

if($dbusername === $username && $dbpassword === $password){

session_start();
$_SESSION['username'] = $dbusername;
header("location: home.php");

}else
    $msg = "<p class='message'>Check your email or password.</p>";
Link to comment
https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496251
Share on other sites

Then you know what the problem is!!  Either the two username vars don't match OR the two password vars don't match.    Why don't you echo them out so that you can see what they look like and see if they are what you expect?  That's called debugging.

Link to comment
https://forums.phpfreaks.com/topic/292387-not-logging-in/#findComment-1496253
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.