virtuexru Posted February 27, 2007 Share Posted February 27, 2007 OK. I know the username and password I'm entering is correct, I think its a problem with how the password is hashed or unhashed? Any luck with this? Here's my header code and the form code itself. Please help! <?php session_start(); $errorMessage = ''; if (isset($_POST['user_id_input']) && isset($_POST['user_pw_input'])) { include 'config/config.php'; include 'config/connect.php'; $userid = $_POST['user_id_input']; $userpw = $_POST['user_pw_input']; $authenticate = "SELECT username FROM userlist WHERE username = '$userid' AND password = PASSWORD('$userpw')"; $result = mysql_query($authenticate) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // if the password/username matches, set the session $_SESSION['user_logged_in'] = true; // redirect to profile page header('Location: profile.php'); exit; } else { $errorMessage = 'Invalid Login Credentials'; } include 'config/close.php'; } ?> Form: <p/><form action="" method="post" name="Login" id="Login">Username: <input name="user_id_input" type="text" id="user_id_input" size="15"> Password: <input name="user_pw_input" type="password" id="user_pw_input" size="15"> <input name="Login" type="submit" id="Login" value="Login"></form> <p/> <?php if ($errorMessage != '') { ?> <b><font color="red"><?php echo $errorMessage; echo $result; ?></font></b> <?php } else { echo "Become a member today!"; } ?> | <a href="register.php">Register Now!</a> Link to comment https://forums.phpfreaks.com/topic/40297-user-login-page-wont-work-need-help/ Share on other sites More sharing options...
btherl Posted February 27, 2007 Share Posted February 27, 2007 Can you show us the code that creates the username and password? Also, it's a good idea to use mysql_real_escape_string(), in case someone uses funny characters. $userid_esc = mysql_real_escape_string($userid); $userpw_esc = mysql_real_escape_string($userpw); $authenticate = "SELECT username FROM userlist WHERE username = '$userid_esc' AND password = PASSWORD('$userpw_esc')"; Link to comment https://forums.phpfreaks.com/topic/40297-user-login-page-wont-work-need-help/#findComment-195025 Share on other sites More sharing options...
virtuexru Posted February 27, 2007 Author Share Posted February 27, 2007 $request = "INSERT INTO userlist values('','$username',PASSWORD('$password'),'$email')"; Link to comment https://forums.phpfreaks.com/topic/40297-user-login-page-wont-work-need-help/#findComment-195332 Share on other sites More sharing options...
fenway Posted February 27, 2007 Share Posted February 27, 2007 I would warn you that a) your pasword is being send in plain-text and b) you're not supposed to use the internal PASSWORD() mysql function. Link to comment https://forums.phpfreaks.com/topic/40297-user-login-page-wont-work-need-help/#findComment-195363 Share on other sites More sharing options...
virtuexru Posted February 27, 2007 Author Share Posted February 27, 2007 So what am I supposed to do? Link to comment https://forums.phpfreaks.com/topic/40297-user-login-page-wont-work-need-help/#findComment-195482 Share on other sites More sharing options...
fenway Posted February 27, 2007 Share Posted February 27, 2007 Use an hash function that's common to both PHP & MySQL, and send the secret text in your query. Link to comment https://forums.phpfreaks.com/topic/40297-user-login-page-wont-work-need-help/#findComment-195491 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.