Login Error

viv · May 12, 2007

I'm trying to create a login using an about.com premade as I have no PHP experience. When I try to log in with the correct user name and password (double checked them on my table) i get an error message rather than being redirected to the members page.

URL: http://arcadiasim.com/logintest.php

User Name: viv

Password: orange

should send me to http://arcadiasim.com/members.php

but instead gives error

Can anyone help me?

Code in use:

<?php

// Connects to your Database 
mysql_connect("localhost", "arcadias_arcadia", "****") or die(mysql_error()); 
mysql_select_db("arcadias_members") or die(mysql_error()); 


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check )) 	
	{

	if ($pass != $info['password']) 
		{

		}

	else
		{
		header("Location: members.php");

		}

	}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
	die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
			}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie 

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);	

//then redirect them to the members area
header("Location: members.php");
}

}

} else {	

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>

ryan.od · May 12, 2007

Please post the error message.

RyanOD

viv · May 12, 2007

That's the problem - i provided login info for the logintest.php link because there IS no error. It does what the php tells it to do - Incorrect password, please try again.

However, the password is correct.

What is wrong with my code that it says incorrect password when the password is correct?

john010117 · May 12, 2007

I don't know if this will help, but try changing the mysql_query to look for both the username AND the password. If it didn't find a match (using mysql_num_rows), return false. Otherwise, return true.

Here's the query:

$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")or die(mysql_error());

viv · May 12, 2007

if i do that then i get the following error:

Parse error: syntax error, unexpected T_LOGICAL_OR in /home/arcadias/public_html/logintest.php on line 19

kathas · May 12, 2007

<?php

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
/*check here*/ $_POST['pass'] = md5($_POST['pass']); /*check here*/
if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

Are you sure you have your pass encrypted in your db?

Cause if you don't then you need to add an md5 hash of your pass instead of the actual string...

Regards,

Kathas

viv · May 12, 2007

The actual table is not encrypted if that's what you're asking. Could you explain that MD5 hash? to me? Or should i just remove the encryption segment? Either way the new line 19 error is before any of that stuff

kathas · May 12, 2007

what new line?

if you don't know php (well learn) but since you don't know dont do big changes...

just use the script as it was and delete this:

$_POST['pass'] = md5($_POST['pass']);

i would never use this script to a public website...

it has many security problems...

viv · May 12, 2007

This is just for a game - no real money - i'm just trying to let people view their records and do transactions while making sure that User1 can only look at User1's stuff.

Is there an easier way to do this?

i'm trying to learn PHP - it's just not coming quickly. I know learning it is the answer, part of why i'm posting questions is because i'm trying to find out where i made my mistake.

Sign In

Login Error

Recommended Posts

viv

Link to comment

Share on other sites

ryan.od

Link to comment

Share on other sites

viv

Link to comment

Share on other sites

john010117

Link to comment

Share on other sites

viv

Link to comment

Share on other sites

kathas

Link to comment

Share on other sites

viv

Link to comment

Share on other sites

kathas

Link to comment

Share on other sites

viv

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information