script not workin, help plz

spode · July 21, 2007

hey guys, sorry for such an undescriptive title, i just couldnt think of somethign to title it

anyways this is my very very first (and simple) login script..i have a simple table set up that has a username and password. For some reason though, when i try to 'login', even though i know for a fact the password is right, i still get my error telling me 'Your password was incorrect.' Help me out? Do I have something wrong?

<?php
case 'login':
	if(isset($_POST['submit'])) {
		$username1 = $_POST['username'];
		$password = $_POST['password'];

		$fetch = "SELECT `password' FROM `tbl_users` WHERE (username='$username1')";
		$password2 = mysql_query($fetch);

		if($password == $password2) {
			echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page.";
		} else {
			echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>.";
		}
	} else {
		echo "<h2><center>LOGIN</center></h2>";
		echo "<form action=\"crud.php?action=login\" method=\"post\">
			  <table>
				<tr>
					<td>Username:</td>
					<td><input type=\"text\" name=\"username\" size=\"20\"></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type=\"password\" name=\"password\" size=\"20\"></td>
				</tr>
				<tr>
					<td><input type=\"submit\" name=\"submit\" value=\"Login\"></td>
				</tr>
			</table>
			</form>";
	}
	break;
?>

aim25 · July 21, 2007

Is that the whole script?

spode · July 21, 2007

no, this is:

<?php


$host = "*****";
$username = "*****";
$password = "****";

$dbc = mysql_connect($host, $username, $password) or die (mysql_error());
$select = mysql_select_db('colsim0_mysql');

$uid = $_GET['uid'];
$action = $_GET['action'];

switch($action) {
case 'edit':	
	if (isset($_POST['submit'])) {
		$uname = $_POST['uname'];
		$npass = $_POST['npass'];
		$vpass = $_POST['vpass'];
		if ($vpass == $npass) {
			$insertinfo = "UPDATE `tbl_users` SET `username`='$uname', `password`='$npass' WHERE `uid`='$uid'";
			if (mysql_query($insertinfo)) {
				echo "Information successfully updated! Your new username is " . $uname . " and your new password is " . $npass . "<br />
				Click <a href=\"show_ids.php\">here</a> to go back.";
				} else {
				echo "Information failed to update because " . mysql_error();
				}
			} else {
				echo "Your passwords did not match. Please <a href=\"crud.php?uid={$list['uid']}&action=edit\">try again</a>";
				}
		} else {
		$query = "SELECT * FROM tbl_users WHERE (uid=$uid)";
		$r = mysql_query ($query);
		$info = mysql_fetch_array($r);
		echo "<h1>Edit Information</h1>
		<form action=\"crud.php?action=edit\" method=\"post\">
		<table>
			<tr>
				<td>Username:</td>
				<td><input type=\"text\" name=\"uname\" value='{$info['username']}' size=\"20\"></td>
			</tr>
			<tr>
				<td>New Password:</td>
				<td><input type=\"password\" name=\"npass\" value='{$info['password']}' size=\"20\"></td>
			</tr>
			<tr>
				<td>Verify Password:</td>
				<td><input type=\"password\" name=\"vpass\" size=\"20\"></td>
			</tr>
			<tr>
				<td><input type=\"submit\" name=\"submit\" value=\"Update\">
				</form>
		</table>";
		}
	break;
case 'delete':
	$delete = "DELETE FROM tbl_users WHERE uid=$uid";
	$r = mysql_query($delete);

	if (mysql_affected_rows() == 1) {
		echo '<p>Your account has been deleted.';
	} else {
		echo '<p>Could not delete your account because: ' . mysql_error();
		}
	break;
case 'new':
	if(isset($_POST['submit'])) {
		$newusername = $_POST['newusername'];
		$newpassword = $_POST['newpassword'];
		$result = mysql_query("SELECT `username` FROM `tbl_users` WHERE (username='$newusername')") or die(mysql_error());
		if (mysql_num_rows($result) == 0) {
			$createaccount = "INSERT INTO tbl_users (username, password) VALUES ('$newusername','$newpassword')";
			$result = mysql_query($createaccount) or die(mysql_error());
			echo "<p>Go back to the account viewer by clicking <a href=\"show_ids.php\">here</a></p>";
		} else {
			echo "<p>That username already exists. Please <a href=\"crud.php?uid={$list['uid']}&action=new\">try again</a></p>";
			}
	} else { 
		echo "<h1>New Account</h1>
		<form action=\"crud.php?action=new\" method=\"post\">
		<table>
			<tr>
				<td>Username:</td>
				<td><input type=\"text\" name=\"newusername\" size=\"20\"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type=\"password\" name=\"newpassword\" size=\"20\"></td>
			</tr>
			<tr>
				<td><input type=\"submit\" name=\"submit\" value=\"Register\"></td>
			</tr>
			</form>
		</table>";
		}
	break;
case 'login':
	if(isset($_POST['submit'])) {
		$username1 = $_POST['username'];
		$password = $_POST['password'];

		$fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')";
		$password2 = mysql_query($fetch);

		if($password == $password2) {
			echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page.";
		} else {
			echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>.";
		}
	} else {
		echo "<h2><center>LOGIN</center></h2>";
		echo "<form action=\"crud.php?action=login\" method=\"post\">
			  <table>
				<tr>
					<td>Username:</td>
					<td><input type=\"text\" name=\"username\" size=\"20\"></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type=\"password\" name=\"password\" size=\"20\"></td>
				</tr>
				<tr>
					<td><input type=\"submit\" name=\"submit\" value=\"Login\"></td>
				</tr>
			</table>
			</form>";
	}
	break;
case 'admin':
	$username = $_POST['username'];
	$password = $_POST['password'];
	if(isset($_POST['submit'])) {
		if($username == "admin" AND $password == "admin") {
			echo "Welcome to the Admin Control Panel. Please select your action below:<br /><br />
			If you would like to see a list of users, please click <a href=\"show_ids.php\">HERE</a>";
		} else {
		echo "Please <a href=\"crud.php?action=admin&failures=$failures\">try again</a>";
		}
	} else {
	echo "<h2><center>ADMIN LOGIN</center></h2>";
	echo "<form action=\"crud.php?action=admin\" method=\"post\">
		  <table>
			<tr>
				<td>Username:</td>
				<td><input type=\"text\" name=\"username\" size=\"20\"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type=\"password\" name=\"password\" size=\"20\"></td>
			</tr>
			<tr>
				<td><input type=\"submit\" name=\"submit\" value=\"Login as Admin\"></td>
			</tr>
			</table>
		  </form>";
	}
	break;
default:
	echo "Action not found.";
	break;
}	
?>

aim25 · July 21, 2007

$fetch = "SELECT `password' FROM `tbl_users` WHERE (username='$username1')"; take the brackets out. And maybe change the = to ==.

marcus · July 21, 2007

$fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')";
$password2 = mysql_query($fetch);

if($password == $password2) {

CHANGE TO:

$fetch = "SELECT `password` FROM `tbl_users` WHERE `username` ='$username1'";
$pass2 = mysql_query($fetch) or die(mysql_error());
$pfet = mysql_fetch_assoc($pass2);
$password2 = $pfet['password'];

if($password == $password2){

tanvir · July 21, 2007

$password2 = mysql_query($fetch);

if($password == $password2)

$password2 is the result. it doesn't contain the real password yet. In order to get the password, you have to use function like mysql_fetch_row($password2) to get it. You also can use the previous script posted.

spode · July 23, 2007

thanks for the great reply guys, it worked perfectly, but one quick question

is it necessary to use 'mysql_fetch_assoc()' rather than using 'myspl_fetch_array()' ?

thanks again

Sign In

script not workin, help plz

Recommended Posts

spode

Link to comment

Share on other sites

aim25

Link to comment

Share on other sites

spode

Link to comment

Share on other sites

aim25

Link to comment

Share on other sites

marcus

Link to comment

Share on other sites

tanvir

Link to comment

Share on other sites

spode

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information