[SOLVED] php Login

[plutomed]

can anyone tell me what is wrong with my php script

 

<?

ob_start();

?>

<form action="login.php?do=login" method="post">

<table>

  <tr>

    <td><label for="uname">Username:</label></td>

    <td><input type="text" name="uname" /></td>

  </tr>

  <tr>

    <td><label for="pass">Password:</label></td>

    <td><input type="password" name="pass" /></td>

  </tr>

  <tr>

    <td colspan="2"><input type="submit" name="login" value="Login" /></td>

  </tr>

</table>

</form>

 

<?php

if($_GET['do'] == "login")

{

$uname = $_POST['uname'];

$pass = $_POST['pass'];

 

require "db_connect.php";

 

$users = mysql_query("SELECT * FROM users WHERE `uname` = '".$uname."' AND `pass` = '".$pass."'") or die(mysql_error());

 

if(mysql_num_rows($users) == 1) {

session_start();

$_SESSION['login'] == "Logged in";

header("location:main.php");

} else {

echo "Wrong Username/Password";

}

 

 

mysql_close($con);

}

ob_end_flush();

?>

 

 

 

 

It always says when you try to login Wrong Username/Password

[JJohnsenDK]

Try this if(mysql_fetch_row != 0) insted:

 

if(mysql_num_rows($users) != 1) {
      session_start();
      $_SESSION['login'] == "Logged in";
      header("location:main.php");
   } else {
      echo "Wrong Username/Password";
   }

[plutomed]

ah thankyou it works now 

[plutomed]

but wont that log everyone in

 

[JJohnsenDK]

yes sorry it would that everyone can log in... i read your code wrong.

 

you should test if the users have correct infomation if he doesnt then $logged_in = 0 else $logged_in = 1

 

do you understand what i mean?

[plutomed]

the problem is that the query is returning 0 rows even though the login info matches that in the database

[Neptunus Maris]

you should just use the $_SERVER[php_SELF] method instead of doing ?do

[plutomed]

thanks for your help everyone but i found out that it doesnt line the variables i made so insted of $username in the query i changed it to $_POST['uname'] weird but yes it works

 

*i found out why the variables didnt work i specifiesd them as something else in the connect  to the database stupid me

[s0c0]

Here is code from my login form you can use.  The first is for a page called login.php.

 

<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="auth.php">
<table>
<tr>
<td>Username</td><td><input name="username" type="text"></td></tr>
<tr>
<td>Password</td><td><input type="password" names="password"></td></tr>
<tr>
<td> </td>
<td><input type="Submit" value="Login" /></td></tr>
</table>
</form>
</body>
</html>

 

That form posts to a page called auth.php:

 

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];

$con = mysqli_connect('localhost', 'user', 'password', 'db'); /* connect to database */

        if (!$con){ 
       die('Could not connect: ' . mysql_error()); /* report connection error on failure */
        }

$con->select_db("music"); /* select database */
$auth_query = "Select user_id FROM users WHERE username='". $username. "' and password='" .$password. "'"; /* auth query to ivault.users */
$auth = mysqli_query($con, $auth_query);
$row = mysqli_fetch_row($auth);
$count = $row[0];

        if ($row > 0){ /*  login success */
                $_SESSION["user"] = $username; /* store username in session */
                $_SESSION["uid"] = $count;
                echo $_SESSION["user"]."<br/>";
                header("Location: http://192.168.1.134/mymusic.php"); /* browser redirect */
        }
        else { /* Login failure */
                echo "We're sorry ". $username ." but we were unable to log you in using password ". $password .". Please try again</p>";
                echo "<a href=\"http://192.168.1.134/login.php\">Retry login</a>";
        }

mysqli_close($con); /* close connection */
exit;

?>
<html>
<head>
<title></title>
</head>
</html>

 

This code is from a backup I made a few weeks ago, but the login has been working for a while so it should be good.  You can remove the stuff about sessions in there unless you want that in there.