Jump to content

Login Error


viv

Recommended Posts

I'm trying to create a login using an about.com premade as I have no PHP experience. When I try to log in with the correct user name and password (double checked them on my table) i get an error message rather than being redirected to the members page.

 

URL: http://arcadiasim.com/logintest.php

User Name: viv

Password: orange

 

should send me to http://arcadiasim.com/members.php

but instead gives error

 

 

Can anyone help me?

 

 

Code in use:

 

<?php

// Connects to your Database 
mysql_connect("localhost", "arcadias_arcadia", "****") or die(mysql_error()); 
mysql_select_db("arcadias_members") or die(mysql_error()); 


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check )) 	
	{

	if ($pass != $info['password']) 
		{

		}

	else
		{
		header("Location: members.php");

		}

	}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
	die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
			}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie 

$_POST['username'] = stripslashes($_POST['username']);


$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);	

//then redirect them to the members area
header("Location: members.php");
}

}

} else {	

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}


?>

Link to comment
Share on other sites

That's the problem - i provided login info for the logintest.php link because there IS no error. It does what the php tells it to do - Incorrect password, please try again.

 

However, the password is correct.

 

What is wrong with my code that it says incorrect password when the password is correct?

Link to comment
Share on other sites

I don't know if this will help, but try changing the mysql_query to look for both the username AND the password. If it didn't find a match (using mysql_num_rows), return false. Otherwise, return true.

 

Here's the query:

$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")or die(mysql_error());

Link to comment
Share on other sites

<?php

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
/*check here*/ $_POST['pass'] = md5($_POST['pass']); /*check here*/
if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

 

Are you sure you have your pass encrypted in your db?

Cause if you don't then you need to add an md5 hash of your pass instead of the actual string...

 

Regards,

Kathas

Link to comment
Share on other sites

The actual table is not encrypted if that's what you're asking. Could you explain that MD5 hash? to me? Or should i just remove the encryption segment? Either way the new line 19 error is before any of that stuff

Link to comment
Share on other sites

what new line?

 

if you don't know php (well learn) but since you don't know dont do big changes...

 

just use the script as it was and delete this:

$_POST['pass'] = md5($_POST['pass']);

 

i would never use this script to a public website...

it has many security problems...

 

Link to comment
Share on other sites

This is just for a game - no real money - i'm just trying to let people view their records and do transactions while making sure that User1 can only look at User1's stuff.

 

Is there an easier way to do this?

 

i'm trying to learn PHP - it's just not coming quickly. I know learning it is the answer, part of why i'm posting questions is because i'm trying to find out where i made my mistake.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.