Jump to content

php login

yogibear

By yogibear
in PHP Coding Help

 Share

Recommended Posts

yogibear Member

yogibear

Posted
Posted

Hi all

 

I found this login and thought it would be perfect for my site http://php.about.com/od/finishedphp1/ss/php_login_code_5.htm however its a little more advanced than i am used to and its not working right it keeps saying Incorrect password, please try again. when the password is correct all the validation works and it checks the username fine.

 

<?php
$host="localhost"; // Host name 
$username="***"; // Mysql username 
$password="***"; // Mysql password 
$db_name="***"; // Database name 
$tbl_name="userinformation"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM userinformation WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check )) 	
	{

	if ($pass != $info['password']) 
		{

		}

	else
		{
		header("Location: members.php");

		}

	}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM userinformation WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
	die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
			}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie 

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);	

//then redirect them to the members area
header("Location: members.php");
}

}

} else {	

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>

<?php
}


?>

 

any ideas what the problem

 

many thanks

 

yogi

Link to comment
Share on other sites
sspoke Member

sspoke

Posted
Posted

looks like a mess hard too understand whats going on you md5 the post request password  and check it with password thats in mysql but  you also stripslashes from the mysql password are you sure its md5?

 

and this part

 

if ($pass != $info['password'])

{

 

}

 

else

{

header("Location: members.php");

 

}

 

 

sup with that could of used something like this

 

if ($pass == $info['password'])

  header("Location: members.php");

 

all though i like this

 

<?php

}

?>

;D

Link to comment
Share on other sites
sspoke Member

sspoke

Posted
Posted

its very simple.. but its poorly formatted thats a SIMPLE code man it should go to members.php no problem..

 

jsut change

 

$_POST['pass'] = md5($_POST['pass']);

 

to

 

//$_POST['pass'] = md5($_POST['pass']);

 

just for a test... see if it checks correctly

 

 

wait how does the register code look like??

Link to comment
Share on other sites
yogibear Member

yogibear

Posted
  • Author
Posted

Hi still getting the same

<?php 
// Connects to your Database 
mysql_connect("localhost", "***", "***") or die(mysql_error()); 
mysql_select_db("***") or die(mysql_error()); 

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM userinformation WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database 

$insert="INSERT INTO userinformation (username, password)
VALUES ('$_POST[username]','$_POST[pass]')";




$add_member = mysql_query($insert);
?>

<!-- Now we let them know if their registration was successful -->
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php 
} 
else 
{	
?>

<!-- This is what they see before they have registered -->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>

<?php 
} 
?>

This all seems to work fine but i am still get the Incorrect password, please try again. when i try to login

 

thanks for your help

 

yogi

Link to comment
Share on other sites
yogibear Member

yogibear

Posted
  • Author
Posted

Hi i cant get your code to work it keeps saying "Unknown column 'test' in 'where clause'" the test is what i typed into the username textbox this is my code

<?php 
if(isset($_POST['submit'])){ 
    $dbHost = "localhost";        //Location Of Database usually its localhost 
    $dbUser = "***";            //Database User Name 
    $dbPass = "***";            //Database Password 
    $dbDatabase = "***";    //Database Name 
     
    $db = mysql_connect("$dbHost","$dbUser","$dbPass")or die("Error connecting to database."); 
    //Connect to the databasse 
    mysql_select_db("$dbDatabase", $db)or die("Couldn't select the database."); 
    //Selects the database 


    /* 
    The Above code can be in a different file, then you can place include'filename.php'; instead. 
    */ 
     
    //Lets search the databse for the user name and password 
    $sql = mysql_query("SELECT * FROM userinformation 
           WHERE username=".addslashes($_POST['username'])." AND 
        password=".addslashes($_POST['password'])." LIMIT 1")or die(mysql_error()); 
    //Search for a row 
    $row = mysql_fetch_array($sql); 
    if($row){    //If there is a row start a session with values, then transfer to the users page 
        session_start(); 
        $_SESSION['username'] = $row['username']; 
        $_SESSION['fname'] = $row['first_name']; 
        $_SESSION['lname'] = $row['last_name']; 
        $_SESSION['logged'] = 1; 
        header("Location: users_page.php"); 
    }else{    //If there isn't a row return the user to a login page 
        header("Location: login_page.php"); 
    } 
}else{    //If the form button wasn't submitted go to the index page 
    header("Location: index.php");     
     
} 
?>

 

any ideas whats wrong

 

many thanks

 

yogi

Link to comment
Share on other sites
Jessica Advanced Member

Jessica

Posted
Posted 

$sql = mysql_query("SELECT * FROM userinformation WHERE `username`='".addslashes($_POST['username'])."' AND `password`='".addslashes($_POST['password'])."' LIMIT 1")or die(mysql_error());

 

As you're using mysql, you really should use mysql_real_escape_string instead of addslashes()

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.