spode Posted July 21, 2007 Share Posted July 21, 2007 hey guys, sorry for such an undescriptive title, i just couldnt think of somethign to title it anyways this is my very very first (and simple) login script..i have a simple table set up that has a username and password. For some reason though, when i try to 'login', even though i know for a fact the password is right, i still get my error telling me 'Your password was incorrect.' Help me out? Do I have something wrong? <?php case 'login': if(isset($_POST['submit'])) { $username1 = $_POST['username']; $password = $_POST['password']; $fetch = "SELECT `password' FROM `tbl_users` WHERE (username='$username1')"; $password2 = mysql_query($fetch); if($password == $password2) { echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page."; } else { echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>."; } } else { echo "<h2><center>LOGIN</center></h2>"; echo "<form action=\"crud.php?action=login\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"username\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"password\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Login\"></td> </tr> </table> </form>"; } break; ?> Quote Link to comment Share on other sites More sharing options...
aim25 Posted July 21, 2007 Share Posted July 21, 2007 Is that the whole script? Quote Link to comment Share on other sites More sharing options...
spode Posted July 21, 2007 Author Share Posted July 21, 2007 no, this is: <?php $host = "*****"; $username = "*****"; $password = "****"; $dbc = mysql_connect($host, $username, $password) or die (mysql_error()); $select = mysql_select_db('colsim0_mysql'); $uid = $_GET['uid']; $action = $_GET['action']; switch($action) { case 'edit': if (isset($_POST['submit'])) { $uname = $_POST['uname']; $npass = $_POST['npass']; $vpass = $_POST['vpass']; if ($vpass == $npass) { $insertinfo = "UPDATE `tbl_users` SET `username`='$uname', `password`='$npass' WHERE `uid`='$uid'"; if (mysql_query($insertinfo)) { echo "Information successfully updated! Your new username is " . $uname . " and your new password is " . $npass . "<br /> Click <a href=\"show_ids.php\">here</a> to go back."; } else { echo "Information failed to update because " . mysql_error(); } } else { echo "Your passwords did not match. Please <a href=\"crud.php?uid={$list['uid']}&action=edit\">try again</a>"; } } else { $query = "SELECT * FROM tbl_users WHERE (uid=$uid)"; $r = mysql_query ($query); $info = mysql_fetch_array($r); echo "<h1>Edit Information</h1> <form action=\"crud.php?action=edit\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"uname\" value='{$info['username']}' size=\"20\"></td> </tr> <tr> <td>New Password:</td> <td><input type=\"password\" name=\"npass\" value='{$info['password']}' size=\"20\"></td> </tr> <tr> <td>Verify Password:</td> <td><input type=\"password\" name=\"vpass\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Update\"> </form> </table>"; } break; case 'delete': $delete = "DELETE FROM tbl_users WHERE uid=$uid"; $r = mysql_query($delete); if (mysql_affected_rows() == 1) { echo '<p>Your account has been deleted.'; } else { echo '<p>Could not delete your account because: ' . mysql_error(); } break; case 'new': if(isset($_POST['submit'])) { $newusername = $_POST['newusername']; $newpassword = $_POST['newpassword']; $result = mysql_query("SELECT `username` FROM `tbl_users` WHERE (username='$newusername')") or die(mysql_error()); if (mysql_num_rows($result) == 0) { $createaccount = "INSERT INTO tbl_users (username, password) VALUES ('$newusername','$newpassword')"; $result = mysql_query($createaccount) or die(mysql_error()); echo "<p>Go back to the account viewer by clicking <a href=\"show_ids.php\">here</a></p>"; } else { echo "<p>That username already exists. Please <a href=\"crud.php?uid={$list['uid']}&action=new\">try again</a></p>"; } } else { echo "<h1>New Account</h1> <form action=\"crud.php?action=new\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"newusername\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"newpassword\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Register\"></td> </tr> </form> </table>"; } break; case 'login': if(isset($_POST['submit'])) { $username1 = $_POST['username']; $password = $_POST['password']; $fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')"; $password2 = mysql_query($fetch); if($password == $password2) { echo "Welcome, you are now logged in. Click <a href=\"index.php\">HERE</a> to go back to the home page."; } else { echo "Your password was incorrect, please try again by clicking <a href=\"crud.php?action=login\">HERE</a>."; } } else { echo "<h2><center>LOGIN</center></h2>"; echo "<form action=\"crud.php?action=login\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"username\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"password\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Login\"></td> </tr> </table> </form>"; } break; case 'admin': $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['submit'])) { if($username == "admin" AND $password == "admin") { echo "Welcome to the Admin Control Panel. Please select your action below:<br /><br /> If you would like to see a list of users, please click <a href=\"show_ids.php\">HERE</a>"; } else { echo "Please <a href=\"crud.php?action=admin&failures=$failures\">try again</a>"; } } else { echo "<h2><center>ADMIN LOGIN</center></h2>"; echo "<form action=\"crud.php?action=admin\" method=\"post\"> <table> <tr> <td>Username:</td> <td><input type=\"text\" name=\"username\" size=\"20\"></td> </tr> <tr> <td>Password:</td> <td><input type=\"password\" name=\"password\" size=\"20\"></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Login as Admin\"></td> </tr> </table> </form>"; } break; default: echo "Action not found."; break; } ?> Quote Link to comment Share on other sites More sharing options...
aim25 Posted July 21, 2007 Share Posted July 21, 2007 $fetch = "SELECT `password' FROM `tbl_users` WHERE (username='$username1')"; take the brackets out. And maybe change the = to ==. Quote Link to comment Share on other sites More sharing options...
marcus Posted July 21, 2007 Share Posted July 21, 2007 $fetch = "SELECT `password` FROM `tbl_users` WHERE (username='$username1')"; $password2 = mysql_query($fetch); if($password == $password2) { CHANGE TO: $fetch = "SELECT `password` FROM `tbl_users` WHERE `username` ='$username1'"; $pass2 = mysql_query($fetch) or die(mysql_error()); $pfet = mysql_fetch_assoc($pass2); $password2 = $pfet['password']; if($password == $password2){ Quote Link to comment Share on other sites More sharing options...
tanvir Posted July 21, 2007 Share Posted July 21, 2007 $password2 = mysql_query($fetch); if($password == $password2) $password2 is the result. it doesn't contain the real password yet. In order to get the password, you have to use function like mysql_fetch_row($password2) to get it. You also can use the previous script posted. Quote Link to comment Share on other sites More sharing options...
spode Posted July 23, 2007 Author Share Posted July 23, 2007 thanks for the great reply guys, it worked perfectly, but one quick question is it necessary to use 'mysql_fetch_assoc()' rather than using 'myspl_fetch_array()' ? thanks again Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.