spode Posted July 21, 2007 Share Posted July 21, 2007 hey guys, sorry for such an undescriptive title, i just couldnt think of somethign to title it anyways this is my very very first (and simple) login script..i have a simple table set up that has a username and password. For some reason though, when i try to 'login', even though i know for a fact the password is right, i still get my error telling me 'Your password was incorrect.' Help me out? Do I have something wrong? <?php case 'login': if(isset($_POST['submit'])) { $username1 = $_POST['username']; $password = $_POST['password']; $fetch = "SELECT `password' FROM `tbl_users` WHERE (username='$username1')"; $password2 = mysql_query($fetch); if($password == $password2) { echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page."; } else { echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>."; } } else { echo "<h2><center>LOGIN</center></h2>"; echo "<form action=\"crud.php?action=login\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"username\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"password\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Login\"></td> </tr> </table> </form>"; } break; ?> Link to comment https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/ Share on other sites More sharing options...
aim25 Posted July 21, 2007 Share Posted July 21, 2007 Is that the whole script? Link to comment https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/#findComment-304253 Share on other sites More sharing options...
spode Posted July 21, 2007 Author Share Posted July 21, 2007 no, this is: <?php $host = "*****"; $username = "*****"; $password = "****"; $dbc = mysql_connect($host, $username, $password) or die (mysql_error()); $select = mysql_select_db('colsim0_mysql'); $uid = $_GET['uid']; $action = $_GET['action']; switch($action) { case 'edit': if (isset($_POST['submit'])) { $uname = $_POST['uname']; $npass = $_POST['npass']; $vpass = $_POST['vpass']; if ($vpass == $npass) { $insertinfo = "UPDATE `tbl_users` SET `username`='$uname', `password`='$npass' WHERE `uid`='$uid'"; if (mysql_query($insertinfo)) { echo "Information successfully updated! Your new username is " . $uname . " and your new password is " . $npass . "<br /> Click <a href=\"show_ids.php\">here</a> to go back."; } else { echo "Information failed to update because " . mysql_error(); } } else { echo "Your passwords did not match. Please <a href=\"crud.php?uid={$list['uid']}&action=edit\">try again</a>"; } } else { $query = "SELECT * FROM tbl_users WHERE (uid=$uid)"; $r = mysql_query ($query); $info = mysql_fetch_array($r); echo "<h1>Edit Information</h1> <form action=\"crud.php?action=edit\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"uname\" value='{$info['username']}' size=\"20\"></td> </tr> <tr> <td>New Password:</td> <td><input type=\"password\" name=\"npass\" value='{$info['password']}' size=\"20\"></td> </tr> <tr> <td>Verify Password:</td> <td><input type=\"password\" name=\"vpass\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Update\"> </form> </table>"; } break; case 'delete': $delete = "DELETE FROM tbl_users WHERE uid=$uid"; $r = mysql_query($delete); if (mysql_affected_rows() == 1) { echo '<p>Your account has been deleted.'; } else { echo '<p>Could not delete your account because: ' . mysql_error(); } break; case 'new': if(isset($_POST['submit'])) { $newusername = $_POST['newusername']; $newpassword = $_POST['newpassword']; $result = mysql_query("SELECT `username` FROM `tbl_users` WHERE (username='$newusername')") or die(mysql_error()); if (mysql_num_rows($result) == 0) { $createaccount = "INSERT INTO tbl_users (username, password) VALUES ('$newusername','$newpassword')"; $result = mysql_query($createaccount) or die(mysql_error()); echo "<p>Go back to the account viewer by clicking <a href=\"show_ids.php\">here</a></p>"; } else { echo "<p>That username already exists. Please <a href=\"crud.php?uid={$list['uid']}&action=new\">try again</a></p>"; } } else { echo "<h1>New Account</h1> <form action=\"crud.php?action=new\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"newusername\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"newpassword\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Register\"></td> </tr> </form> </table>"; } break; case 'login': if(isset($_POST['submit'])) { $username1 = $_POST['username']; $password = $_POST['password']; $fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')"; $password2 = mysql_query($fetch); if($password == $password2) { echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page."; } else { echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>."; } } else { echo "<h2><center>LOGIN</center></h2>"; echo "<form action=\"crud.php?action=login\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"username\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"password\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Login\"></td> </tr> </table> </form>"; } break; case 'admin': $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['submit'])) { if($username == "admin" AND $password == "admin") { echo "Welcome to the Admin Control Panel. Please select your action below:<br /><br /> If you would like to see a list of users, please click <a href=\"show_ids.php\">HERE</a>"; } else { echo "Please <a href=\"crud.php?action=admin&failures=$failures\">try again</a>"; } } else { echo "<h2><center>ADMIN LOGIN</center></h2>"; echo "<form action=\"crud.php?action=admin\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"username\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"password\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Login as Admin\"></td> </tr> </table> </form>"; } break; default: echo "Action not found."; break; } ?> Link to comment https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/#findComment-304255 Share on other sites More sharing options...
aim25 Posted July 21, 2007 Share Posted July 21, 2007 $fetch = "SELECT `password' FROM `tbl_users` WHERE (username='$username1')"; take the brackets out. And maybe change the = to ==. Link to comment https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/#findComment-304258 Share on other sites More sharing options...
marcus Posted July 21, 2007 Share Posted July 21, 2007 $fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')"; $password2 = mysql_query($fetch); if($password == $password2) { CHANGE TO: $fetch = "SELECT `password` FROM `tbl_users` WHERE `username` ='$username1'"; $pass2 = mysql_query($fetch) or die(mysql_error()); $pfet = mysql_fetch_assoc($pass2); $password2 = $pfet['password']; if($password == $password2){ Link to comment https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/#findComment-304279 Share on other sites More sharing options...
tanvir Posted July 21, 2007 Share Posted July 21, 2007 $password2 = mysql_query($fetch); if($password == $password2) $password2 is the result. it doesn't contain the real password yet. In order to get the password, you have to use function like mysql_fetch_row($password2) to get it. You also can use the previous script posted. Link to comment https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/#findComment-304283 Share on other sites More sharing options...
spode Posted July 23, 2007 Author Share Posted July 23, 2007 thanks for the great reply guys, it worked perfectly, but one quick question is it necessary to use 'mysql_fetch_assoc()' rather than using 'myspl_fetch_array()' ? thanks again Link to comment https://forums.phpfreaks.com/topic/61140-script-not-workin-help-plz/#findComment-305605 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.