virtuexru Posted February 27, 2007

OK. I know the username and password I'm entering is correct, I think it's a problem with how the password is hashed or unhashed? Any luck with this? Here's my header code and the form code itself. Please help!

```php
<?php
session_start();
$errorMessage = '';
if (isset($_POST['user_id_input']) && isset($_POST['user_pw_input'])) {
    include 'config/config.php';
    include 'config/connect.php';
    $userid = $_POST['user_id_input'];
    $userpw = $_POST['user_pw_input'];
    $authenticate = "SELECT username FROM userlist WHERE username = '$userid' AND password = PASSWORD('$userpw')";
    $result = mysql_query($authenticate) or die('Query failed. ' . mysql_error());
    if (mysql_num_rows($result) == 1) {
        // if the password/username matches, set the session
        $_SESSION['user_logged_in'] = true;
        // redirect to profile page
        header('Location: profile.php');
        exit;
    } else {
        $errorMessage = 'Invalid Login Credentials';
    }
    include 'config/close.php';
}
?>
```

Form:

```php
<p/><form action="" method="post" name="Login" id="Login">
Username: <input name="user_id_input" type="text" id="user_id_input" size="15">
Password: <input name="user_pw_input" type="password" id="user_pw_input" size="15">
<input name="Login" type="submit" id="Login" value="Login"></form>
<p/>
<?php if ($errorMessage != '') { ?>
<b><font color="red"><?php echo $errorMessage; echo $result; ?></font></b>
<?php } else { echo "Become a member today!"; } ?> | <a href="register.php">Register Now!</a>
```
btherl Posted February 27, 2007

Can you show us the code that creates the username and password? Also, it's a good idea to use mysql_real_escape_string(), in case someone uses funny characters.

```php
$userid_esc = mysql_real_escape_string($userid);
$userpw_esc = mysql_real_escape_string($userpw);
$authenticate = "SELECT username FROM userlist WHERE username = '$userid_esc' AND password = PASSWORD('$userpw_esc')";
```
virtuexru (Author) Posted February 27, 2007

```php
$request = "INSERT INTO userlist values('','$username',PASSWORD('$password'),'$email')";
```
fenway Posted February 27, 2007

I would warn you that a) your password is being sent in plain text and b) you're not supposed to use the internal PASSWORD() MySQL function.
virtuexru (Author) Posted February 27, 2007

So what am I supposed to do?
fenway Posted February 27, 2007

Use a hash function that's common to both PHP & MySQL, and send the secret text in your query.
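One way to apply the advice in the replies above, as an added example that is not code from any poster in the thread: the password is hashed in PHP with password_hash() and checked with password_verify() (a PHP-only scheme, swapped in here for the hash shared between PHP and MySQL that fenway suggests), and every value is bound through a PDO prepared statement instead of being escaped by hand. The in-memory SQLite database standing in for MySQL, the id and email column names, the helper function names and the sample accounts are assumptions made so the script runs offline.

```php
<?php
// Added example. Assumptions: SQLite in memory replaces the MySQL server,
// and the id/email column names are guessed from the thread's INSERT statement.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The password column holds the password_hash() output, never the password itself.
$db->exec('CREATE TABLE userlist (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    email TEXT NOT NULL)');

// Hash of a throwaway value, used to keep the unknown-user path as slow as the known-user path.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Registration (hypothetical helper): hash in PHP, bind every value as a parameter.
function register_user(PDO $db, string $username, string $password, string $email): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO userlist (username, password, email) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $email]);
}

// Login (hypothetical helper): look up the stored hash by username, then verify in PHP.
// The password never appears in the SQL text, so it cannot end up in query logs.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM userlist WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($password, DUMMY_HASH); // unknown user: do the same work, then fail
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed sample accounts; the second name contains one of the "funny characters".
register_user($db, 'virtue', 'correct horse battery', 'virtue@example.com');
register_user($db, "o'brien", 'staple', 'obrien@example.com');

var_dump(check_login($db, 'virtue', 'correct horse battery')); // matching password
var_dump(check_login($db, 'virtue', 'wrong guess'));           // wrong password
var_dump(check_login($db, "o'brien", 'staple'));               // quote in the name is plain data
var_dump(check_login($db, 'nobody', 'staple'));                // no such user
```

In the original login script, the result of check_login() would take the place of the mysql_num_rows($result) == 1 test before the session flag is set.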