viv Posted May 12, 2007 Share Posted May 12, 2007 I'm trying to create a login using an about.com premade as I have no PHP experience. When I try to log in with the correct user name and password (double checked them on my table) i get an error message rather than being redirected to the members page. URL: http://arcadiasim.com/logintest.php User Name: viv Password: orange should send me to http://arcadiasim.com/members.php but instead gives error Can anyone help me? Code in use: <?php // Connects to your Database mysql_connect("localhost", "arcadias_arcadia", "****") or die(mysql_error()); mysql_select_db("arcadias_members") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
ryan.od Posted May 12, 2007 Share Posted May 12, 2007 Please post the error message. RyanOD Quote Link to comment Share on other sites More sharing options...
viv Posted May 12, 2007 Author Share Posted May 12, 2007 That's the problem - i provided login info for the logintest.php link because there IS no error. It does what the php tells it to do - Incorrect password, please try again. However, the password is correct. What is wrong with my code that it says incorrect password when the password is correct? Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 12, 2007 Share Posted May 12, 2007 I don't know if this will help, but try changing the mysql_query to look for both the username AND the password. If it didn't find a match (using mysql_num_rows), return false. Otherwise, return true. Here's the query: $check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
viv Posted May 12, 2007 Author Share Posted May 12, 2007 if i do that then i get the following error: Parse error: syntax error, unexpected T_LOGICAL_OR in /home/arcadias/public_html/logintest.php on line 19 Quote Link to comment Share on other sites More sharing options...
kathas Posted May 12, 2007 Share Posted May 12, 2007 <?php $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); /*check here*/ $_POST['pass'] = md5($_POST['pass']); /*check here*/ if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } Are you sure you have your pass encrypted in your db? Cause if you don't then you need to add an md5 hash of your pass instead of the actual string... Regards, Kathas Quote Link to comment Share on other sites More sharing options...
viv Posted May 12, 2007 Author Share Posted May 12, 2007 The actual table is not encrypted if that's what you're asking. Could you explain that MD5 hash? to me? Or should i just remove the encryption segment? Either way the new line 19 error is before any of that stuff Quote Link to comment Share on other sites More sharing options...
kathas Posted May 12, 2007 Share Posted May 12, 2007 what new line? if you don't know php (well learn) but since you don't know dont do big changes... just use the script as it was and delete this: $_POST['pass'] = md5($_POST['pass']); i would never use this script to a public website... it has many security problems... Quote Link to comment Share on other sites More sharing options...
viv Posted May 12, 2007 Author Share Posted May 12, 2007 This is just for a game - no real money - i'm just trying to let people view their records and do transactions while making sure that User1 can only look at User1's stuff. Is there an easier way to do this? i'm trying to learn PHP - it's just not coming quickly. I know learning it is the answer, part of why i'm posting questions is because i'm trying to find out where i made my mistake. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.