littlepeg Posted May 4, 2007 Share Posted May 4, 2007 :)Hi everybody. Would you please tell me how can I sorted out this log in problem. I typed in the right user name and password (exactly the same as the ones stored in the database), but there is an error message shows that: "The user name and password entered do not match those on file" Query: SELECT user_id, first_name FROM users WHERE user_name='ttt' AND password=MD5('ttt'). (it is also very strange that the real password shows up, rather than password=MD5('password')). Any help would be grately and appreciated. The codes as follows: <?php //login.php // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('snypdb.php'); // Connect to the db. $errors = array(); // Initialize error array. // Check for an user name. if (empty($_POST['user_name'])) { $errors[] = 'You forgot to enter your user name.'; } else { $un = $_POST['user_name']; } // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your password.'; } else { $p = $_POST['password']; } if (empty($errors)) { // If everything's OK. /* Retrieve the user_id and first_name for that user name/password combination. */ $query = "SELECT user_id, first_name FROM users WHERE user_name='$un' AND password=MD5('$p')"; $result = @mysql_query ($query); // Run the query. $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable. if ($row) { // A record was pulled from the database. // Set the session data & redirect. session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; // Redirect the user to the loggedin.php page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/loggedin.php'; header("Location: $url"); exit(); // Quit the script. } else { // No record matched the query. $errors[] = 'The user name and password entered do not match those on file.'; // Public message. $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message. } } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. } else { // Form has not been submitted. $errors = NULL; } // End of the main Submit conditional. if (!empty($errors)) { // Print any error messages. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // Create the form. ?> <h2>Login</h2> <form action="login.php" method="post"> <p>User Name: <input type="text" name="user_name" size="20" maxlength="40" /> </p> <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p> <p><input type="submit" name="submit" value="Login" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 4, 2007 Share Posted May 4, 2007 use md5 outside the query $password = md5($_POST['password']); Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 Hi benjaminbeazy, thank you. The password does not show now. However, why it is still output error message as follows even when I typed the right user name and password?? :'(: "The following error(s) occurred: - The user name and password entered do not match those on file." Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 what is they mysql error? Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 there are actually no mysql error messages. I don't understand why. :'(the only message displayed is: "Error! The following error(s) occurred: - The user name and password entered do not match those on file. - Query: SELECT user_id, first_name FROM users WHERE user_name='ttt' AND password=('34b7da764b21d298ef307d04d8152dc5') Please try again. Login User Name: Password: Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 change result to $result = mysql_query($query) or die(mysql_error()); this will print the error Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 I changed it , but there still no error message printed :'( <?php //login.php // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('snypdb.php'); // Connect to the db. $errors = array(); // Initialize error array. // Check for an user name. if (empty($_POST['user_name'])) { $errors[] = 'You forgot to enter your user name.'; } else { $un = $_POST['user_name']; } // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your password.'; } else { $p = md5($_POST['password']); } if (empty($errors)) { // If everything's OK. /* Retrieve the user_id and first_name for that user name/password combination. */ $query = "SELECT user_id, first_name FROM users WHERE user_name='$un' AND password=('$p')"; $result = mysql_query($query) or die(mysql_error()); // Run the query. $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable. if ($row) { // A record was pulled from the database. // Set the session data & redirect. session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; // Redirect the user to the loggedin.php page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/loggedin.php'; header("Location: $url"); exit(); // Quit the script. } else { // No record matched the query. $errors[] = 'The user name and password entered do not match those on file.'; // Public message. $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message. } } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. } else { // Form has not been submitted. $errors = NULL; } // End of the main Submit conditional. if (!empty($errors)) { // Print any error messages. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // Create the form. ?> <h2>Login</h2> <form action="login.php" method="post"> <p>User Name: <input type="text" name="user_name" size="20" maxlength="40" /> </p> <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p> <p><input type="submit" name="submit" value="Login" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 i don't know if this will help but try changing $row to $row = mysql_num_rows($result); then change if($row == 1){ //user found try removing the () from around the password in the query as well Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 Sorry, benjaminbeazy. But I dont understand what do you mean by " try removing the () from around the password in the query as well" ? Quote Link to comment Share on other sites More sharing options...
tauchai83 Posted May 5, 2007 Share Posted May 5, 2007 <?php $query = "SELECT user_id, first_name FROM users WHERE user_name='$un' AND password=('$p')"; //remove () ?> Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 thx Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 :)Hi, benjaminbeazy, I changed them. But still the same problem. :'( <?php //login2.php // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('snypdb.php'); // Connect to the db. $errors = array(); // Initialize error array. // Check for an user name. if (empty($_POST['user_name'])) { $errors[] = 'You forgot to enter your user name.'; } else { $un = $_POST['user_name']; } // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your password.'; } else { $p = md5($_POST['password']); } if (empty($errors)) { // If everything's OK. /* Retrieve the user_id and first_name for that user name/password combination. */ $query = "SELECT user_id, first_name FROM users WHERE user_name='$un' AND password='$p'"; $result = mysql_query($query) or die(mysql_error()); // Run the query. $row = mysql_num_rows($result); // Return a record, if applicable. if ($row==1) { // A record was pulled from the database. // Set the session data & redirect. session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; // Redirect the user to the loggedin.php page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/loggedin.php'; header("Location: $url"); exit(); // Quit the script. } else { // No record matched the query. $errors[] = 'The user name and password entered do not match those on file.'; // Public message. $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message. } } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. } else { // Form has not been submitted. $errors = NULL; } // End of the main Submit conditional. if (!empty($errors)) { // Print any error messages. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // Create the form. ?> <h2>Login</h2> <form action="login2.php" method="post"> <p>User Name: <input type="text" name="user_name" size="20" maxlength="40" /> </p> <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p> <p><input type="submit" name="submit" value="Login" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 try this for me <?php //login2.php // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('snypdb.php'); // Connect to the db. $errors = array(); // Initialize error array. // Check for an user name. if (empty($_POST['user_name'])) { $errors[] = 'You forgot to enter your user name.'; } else { $un = $_POST['user_name']; } // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your password.'; } else { $p = md5($_POST['password']); } if (empty($errors)) { // If everything's OK. /* Retrieve the user_id and first_name for that user name/password combination. */ $insert = "INSERT INTO users (user_name, password) VALUES ('user', 'pass')"; $insert_result = mysql_query($insert) or die(mysql_error()); $query = "SELECT user_id, first_name FROM users WHERE user_name='user' AND password='pass'"; $result = mysql_query($query) or die(mysql_error()); // Run the query. $row = mysql_num_rows($result); // Return a record, if applicable. if ($row >= 1) { // A record was pulled from the database. // Set the session data & redirect. session_start(); $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; // Redirect the user to the loggedin.php page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/loggedin.php'; header("Location: $url"); exit(); // Quit the script. } else { // No record matched the query. $errors[] = 'The user name and password entered do not match those on file.'; // Public message. $errors[] = mysql_error() . ' Query: ' . $query; // Debugging message. } } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. } else { // Form has not been submitted. $errors = NULL; } // End of the main Submit conditional. if (!empty($errors)) { // Print any error messages. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred: '; foreach ($errors as $msg) { // Print each error. echo " - $msg \n"; } echo '</p><p>Please try again.</p>'; } // Create the form. ?> <h2>Login</h2> <form action="login2.php" method="post"> <p>User Name: <input type="text" name="user_name" size="20" maxlength="40" /> </p> <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p> <p><input type="submit" name="submit" value="Login" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 :)Thank you. Now, there are the following error messages: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\wamp\www\snyp\snypdb.php:20) in C:\wamp\www\snyp\login2.php on line 39 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\wamp\www\snyp\snypdb.php:20) in C:\wamp\www\snyp\login2.php on line 39 Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\snyp\snypdb.php:20) in C:\wamp\www\snyp\login2.php on line 53 Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 ok, the reason that worked was because i inserted a new user and queried for it, hence your user name or password was wrong.... now, session_start() needs to be the top thing in your page, so make your code this now... and ensure that the user name / password combo is right <?php //login2.php session_start(); // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('snypdb.php'); // Connect to the db. $errors = array(); // Initialize error array. // Check for an user name. if (empty($_POST['user_name'])) { $errors[] = 'You forgot to enter your user name.'; } else { $un = $_POST['user_name']; } // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your password.'; } else { $p = md5($_POST['password']); } if (empty($errors)) { // If everything's OK. /* Retrieve the user_id and first_name for that user name/password combination. */ $query = "SELECT user_id, first_name FROM users WHERE user_name='$un' AND password='$p'"; $result = mysql_query($query) or die(mysql_error()); // Run the query. $num = mysql_num_rows($result); // Return a record, if applicable. if ($num == 1) { // A record was pulled from the database. $row = mysql_fetch_array($result, MYSQL_NUM); // Set the session data & redirect. $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; // Redirect the user to the loggedin.php page. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/loggedin.php'; header("Location: $url"); exit(); // Quit the script. } else { // No record matched the query. $errors[] = 'The user name and password entered do not match those on file.'; // Public message. $errors[] = mysql_error() . ' Query: ' . $query; // Debugging message. } } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. } else { // Form has not been submitted. $errors = NULL; } // End of the main Submit conditional. if (!empty($errors)) { // Print any error messages. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred: '; foreach ($errors as $msg) { // Print each error. echo " - $msg \n"; } echo '</p><p>Please try again.</p>'; } // Create the form. ?> <h2>Login</h2> <form action="login2.php" method="post"> <p>User Name: <input type="text" name="user_name" size="20" maxlength="40" /> </p> <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p> <p><input type="submit" name="submit" value="Login" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> Quote Link to comment Share on other sites More sharing options...
tauchai83 Posted May 5, 2007 Share Posted May 5, 2007 <?php // Check for a password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your password.'; } else { $p = $_POST['password']; } if (empty($errors)) { // If everything's OK. $query = "SELECT user_id, first_name FROM users WHERE user_name='$un' AND password='$p'"; $result = mysql_query($query) or die(mysql_error()); // Run the query. $row = mysql_num_rows($result); // Return a record, if applicable ?> try this OK? Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 Thank you, tauchai83, I will try it now Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 Sorry, tauchai83, it still has the same problem :'( Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 what did u get when u tried my last code i just posted??? Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 :)Sorry, benjaminbeazy. I tried again by use new password and user name in the registration form, and it indicates successful stored. However, when I tried to log in, the same problem shows again. Eventhough,the last method stops the showing up of the error message, but it insert the new password and user name rather than retrieve the info from database. :'( here is some info from my database -- -- Table structure for table `users` -- CREATE TABLE `users` ( `user_id` int(10) unsigned NOT NULL auto_increment, `user_name` varchar(25) NOT NULL, `password` varchar(32) NOT NULL, `first_name` varchar(15) NOT NULL, `last_name` varchar(30) NOT NULL, `address` varchar(100) NOT NULL, `postcode` varchar(12) NOT NULL, `tel` varchar(20) NOT NULL, `email` varchar(100) default NULL, `agreetolist` varchar(4) NOT NULL, `registration_date` datetime NOT NULL, PRIMARY KEY (`user_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=24 ; -- -- Dumping data for table `users` -- INSERT INTO `users` (`user_id`, `user_name`, `password`, `first_name`, `last_name`, `address`, `postcode`, `tel`, `email`, `agreetolist`, `registration_date`) VALUES (11, 'ttt', '96835dd8bfa718bd6447ccc87', 'a', 'a', 'a', 'sr5', 'a', 'a', 'y', '2007-05-04 23:47:25'), (12, 'fasd', 'c4ca4238a0b923820dcc509a6', '1', '1', '1', 'sr5', 's', 's', 'y', '2007-05-05 00:06:45'), (13, 'e', '58e6b3a414a1e090dfc6029add0f3555', 'e', 'e', 'e', 'peggyzhao@ho', 'e', 'peggyzhao@hotmail.co.uk', 'y', '2007-05-05 00:14:40'), (14, 't', '8efd86fb78a56a5145ed7739dcb00c78', 't', 't', 't', 'peggy@hotmai', 't', '', 'y', '2007-05-05 00:16:50'), (15, 'g', 'b2f5ff47436671b6e533d8dc3614845d', 'g', 'g', 'g', 'sr5', 'g', 'h', 'y', '2007-05-05 00:21:35'), (16, 'u', '51e69892ab49df85c6230ccc57f8e1d1', 'u', 'u', 'u', 'sr5', 'u', 'sdfdsf@hotmail.com', 'y', '2007-05-05 00:23:24'), (17, 'p', 'p', 'p', 'p', 'p', 'sr5', 'p', 'sdfsd@hotmail.com', 'y', '2007-05-05 01:35:08'), (18, 'user', 'pass', '', '', '', '', '', NULL, '', '0000-00-00 00:00:00'), (19, 'user', 'pass', '', '', '', '', '', NULL, '', '0000-00-00 00:00:00'), (20, 'user', 'pass', '', '', '', '', '', NULL, '', '0000-00-00 00:00:00'), (21, 'user', 'pass', '', '', '', '', '', NULL, '', '0000-00-00 00:00:00'), (22, 'user', 'pass', '', '', '', '', '', NULL, '', '0000-00-00 00:00:00'), (23, 'user', 'pass', '', '', '', '', '', NULL, '', '0000-00-00 00:00:00'); Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 do u have a link to the page?? Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 Hi benjaminbeazy, this is the output from the last codes you gave it to me The following error(s) occurred: - The user name and password entered do not match those on file. - Query: SELECT user_id, first_name FROM users WHERE user_name='ttt' AND password='34b7da764b21d298ef307d04d8152dc5' Please try again. Login User Name: Password: Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted May 5, 2007 Share Posted May 5, 2007 that password doesnt match the db password for ttt Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 I dont have a link to the page, I am developing it using localhost at the moment. what should I do? :'( Quote Link to comment Share on other sites More sharing options...
littlepeg Posted May 5, 2007 Author Share Posted May 5, 2007 Sorry, it were: The following error(s) occurred: - The user name and password entered do not match those on file. - Query: SELECT user_id, first_name FROM users WHERE user_name='tom' AND password='34b7da764b21d298ef307d04d8152dc5' Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.