Jump to content

script not workin, help plz


spode

Recommended Posts

hey guys, sorry for such an undescriptive title, i just couldnt think of somethign to title it

 

anyways this is my very very first (and simple) login script..i have a simple table set up that has a username and password. For some reason though, when i try to 'login', even though i know for a fact the password is right, i still get my error telling me 'Your password was incorrect.' Help me out? Do I have something wrong?

 

<?php
case 'login':
	if(isset($_POST['submit'])) {
		$username1 = $_POST['username'];
		$password = $_POST['password'];

		$fetch = "SELECT `password' FROM `tbl_users` WHERE (username='$username1')";
		$password2 = mysql_query($fetch);

		if($password == $password2) {
			echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page.";
		} else {
			echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>.";
		}
	} else {
		echo "<h2><center>LOGIN</center></h2>";
		echo "<form action=\"crud.php?action=login\" method=\"post\">
			  <table>
				<tr>
					<td>Username:</td>
					<td><input type=\"text\" name=\"username\" size=\"20\"></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type=\"password\" name=\"password\" size=\"20\"></td>
				</tr>
				<tr>
					<td><input type=\"submit\" name=\"submit\" value=\"Login\"></td>
				</tr>
			</table>
			</form>";
	}
	break;
?>

Link to comment
https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/
Share on other sites

no, this is:

 

<?php


$host = "*****";
$username = "*****";
$password = "****";

$dbc = mysql_connect($host, $username, $password) or die (mysql_error());
$select = mysql_select_db('colsim0_mysql');

$uid = $_GET['uid'];
$action = $_GET['action'];

switch($action) {
case 'edit':	
	if (isset($_POST['submit'])) {
		$uname = $_POST['uname'];
		$npass = $_POST['npass'];
		$vpass = $_POST['vpass'];
		if ($vpass == $npass) {
			$insertinfo = "UPDATE `tbl_users` SET `username`='$uname', `password`='$npass' WHERE `uid`='$uid'";
			if (mysql_query($insertinfo)) {
				echo "Information successfully updated! Your new username is " . $uname . " and your new password is " . $npass . "<br />
				Click <a href=\"show_ids.php\">here</a> to go back.";
				} else {
				echo "Information failed to update because " . mysql_error();
				}
			} else {
				echo "Your passwords did not match. Please <a href=\"crud.php?uid={$list['uid']}&action=edit\">try again</a>";
				}
		} else {
		$query = "SELECT * FROM tbl_users WHERE (uid=$uid)";
		$r = mysql_query ($query);
		$info = mysql_fetch_array($r);
		echo "<h1>Edit Information</h1>
		<form action=\"crud.php?action=edit\" method=\"post\">
		<table>
			<tr>
				<td>Username:</td>
				<td><input type=\"text\" name=\"uname\" value='{$info['username']}' size=\"20\"></td>
			</tr>
			<tr>
				<td>New Password:</td>
				<td><input type=\"password\" name=\"npass\" value='{$info['password']}' size=\"20\"></td>
			</tr>
			<tr>
				<td>Verify Password:</td>
				<td><input type=\"password\" name=\"vpass\" size=\"20\"></td>
			</tr>
			<tr>
				<td><input type=\"submit\" name=\"submit\" value=\"Update\">
				</form>
		</table>";
		}
	break;
case 'delete':
	$delete = "DELETE FROM tbl_users WHERE uid=$uid";
	$r = mysql_query($delete);

	if (mysql_affected_rows() == 1) {
		echo '<p>Your account has been deleted.';
	} else {
		echo '<p>Could not delete your account because: ' . mysql_error();
		}
	break;
case 'new':
	if(isset($_POST['submit'])) {
		$newusername = $_POST['newusername'];
		$newpassword = $_POST['newpassword'];
		$result = mysql_query("SELECT `username` FROM `tbl_users` WHERE (username='$newusername')") or die(mysql_error());
		if (mysql_num_rows($result) == 0) {
			$createaccount = "INSERT INTO tbl_users (username, password) VALUES ('$newusername','$newpassword')";
			$result = mysql_query($createaccount) or die(mysql_error());
			echo "<p>Go back to the account viewer by clicking <a href=\"show_ids.php\">here</a></p>";
		} else {
			echo "<p>That username already exists. Please <a href=\"crud.php?uid={$list['uid']}&action=new\">try again</a></p>";
			}
	} else { 
		echo "<h1>New Account</h1>
		<form action=\"crud.php?action=new\" method=\"post\">
		<table>
			<tr>
				<td>Username:</td>
				<td><input type=\"text\" name=\"newusername\" size=\"20\"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type=\"password\" name=\"newpassword\" size=\"20\"></td>
			</tr>
			<tr>
				<td><input type=\"submit\" name=\"submit\" value=\"Register\"></td>
			</tr>
			</form>
		</table>";
		}
	break;
case 'login':
	if(isset($_POST['submit'])) {
		$username1 = $_POST['username'];
		$password = $_POST['password'];

		$fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')";
		$password2 = mysql_query($fetch);

		if($password == $password2) {
			echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page.";
		} else {
			echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>.";
		}
	} else {
		echo "<h2><center>LOGIN</center></h2>";
		echo "<form action=\"crud.php?action=login\" method=\"post\">
			  <table>
				<tr>
					<td>Username:</td>
					<td><input type=\"text\" name=\"username\" size=\"20\"></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type=\"password\" name=\"password\" size=\"20\"></td>
				</tr>
				<tr>
					<td><input type=\"submit\" name=\"submit\" value=\"Login\"></td>
				</tr>
			</table>
			</form>";
	}
	break;
case 'admin':
	$username = $_POST['username'];
	$password = $_POST['password'];
	if(isset($_POST['submit'])) {
		if($username == "admin" AND $password == "admin") {
			echo "Welcome to the Admin Control Panel. Please select your action below:<br /><br />
			If you would like to see a list of users, please click <a href=\"show_ids.php\">HERE</a>";
		} else {
		echo "Please <a href=\"crud.php?action=admin&failures=$failures\">try again</a>";
		}
	} else {
	echo "<h2><center>ADMIN LOGIN</center></h2>";
	echo "<form action=\"crud.php?action=admin\" method=\"post\">
		  <table>
			<tr>
				<td>Username:</td>
				<td><input type=\"text\" name=\"username\" size=\"20\"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type=\"password\" name=\"password\" size=\"20\"></td>
			</tr>
			<tr>
				<td><input type=\"submit\" name=\"submit\" value=\"Login as Admin\"></td>
			</tr>
			</table>
		  </form>";
	}
	break;
default:
	echo "Action not found.";
	break;
}	
?>

$fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')";
$password2 = mysql_query($fetch);

if($password == $password2) {

 

CHANGE TO:

 

$fetch = "SELECT `password` FROM `tbl_users` WHERE `username` ='$username1'";
$pass2 = mysql_query($fetch) or die(mysql_error());
$pfet = mysql_fetch_assoc($pass2);
$password2 = $pfet['password'];

if($password == $password2){

$password2 = mysql_query($fetch);

 

if($password == $password2)

 

 

$password2 is the result. it doesn't contain the real password yet. In order to get the password, you have to use function like mysql_fetch_row($password2) to get it. You also can use the previous script posted.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.