dennismonsewicz Posted August 28, 2007 Share Posted August 28, 2007 <?php ob_start(); include "includes/db_login.php"; // username and password sent from signup form $username=$_POST['username']; $password=$_POST['password']; $sql="SELECT * FROM users WHERE username='" . $username . "' and password='" . $password . "'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password and redirect to file "login_success.php" session_register("username"); session_register("password"); header("location:../index.php"); } else { include "includes/header.php"; echo "<p>Wrong Username or Password</p>"; include "includes/footer.php"; } ob_end_flush(); ?> I am using the above code to check when a user tries to login to the company intranet. But when a username and password is given I receive the else printed statement, "Wrong Username or Password". I know the connection information to the database is correct, I have no idea why it is doing. NEED HELP FAST! All help is appreciated. Thanks, Dennis Quote Link to comment Share on other sites More sharing options...
Fadion Posted August 28, 2007 Share Posted August 28, 2007 U should try debuging, are $username and $password getting values? Try echoing $result. Try echoing $count. The problem may come from everywhere. Also consider sanitizing the input like: $username=mysql_real_escape_string($_POST['username']); $password=mysql_real_escape_string($_POST['password']); EDIT: Write the query in a whole string so u can see and debug it better. Not that it will correct your problem anyway. $sql="SELECT * FROM users WHERE username='$username' AND password='$password'" Quote Link to comment Share on other sites More sharing options...
Fadion Posted August 28, 2007 Share Posted August 28, 2007 Oh it just came in mind. Are u using md5(), sha1() or any other hashing techniques for your passwords stored in the db? Then $password = md5($_POST['password']); Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted August 28, 2007 Author Share Posted August 28, 2007 I tried everything you suggested. I am using md5 hashing for my passwords. I tried printing out $result and got nothing and I tried printing out $count and got nothing. I then tried printing out $username and the username is being passed Quote Link to comment Share on other sites More sharing options...
Fadion Posted August 28, 2007 Share Posted August 28, 2007 If username and password are passed via post then it cant be other then encryption thing. Did u try encrypting the $password variable: $password = md5($_POST['password'])? As u are comparing the input password with the stored one, it needs to compare a hash with a hash and not string with a hash. Quote Link to comment Share on other sites More sharing options...
chronister Posted August 28, 2007 Share Posted August 28, 2007 Try adding an or die(mysql_error()) behind your query. If $count has nothing, then you need to start above it and figure out why it has nothing. When I run into problems, I have a pretty standard debugging system. When if statements are involved, I echo random shit to see which piece of the if / else is running. When variables are involved I echo the variables to see if they are being populated with data. When I have a query that is not running right, I echo the query to see what the actual query being performed is. 99.999% of the time, simply echoing out pieces of the script can help pinpoint the problem, the other .0001% gets fixed by adding an or die() clause to queries. Nate Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted August 28, 2007 Author Share Posted August 28, 2007 <?php ob_start(); include "includes/db_login.php"; // username and password sent from signup form $username = $_POST['username']; $password = md5($_POST['password']); $sql="SELECT * FROM users WHERE username='$username' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ // Register $username, $password and redirect to file "login_success.php" session_register("username"); session_register("password"); header("location:http://intranet.healthresources.net/index.php"); } else { include "includes/header.php"; echo "<p>Wrong Username or Password</p>"; include "includes/footer.php"; } ob_end_flush(); ?> Above is the new code you suggested using the md5 hashing Quote Link to comment Share on other sites More sharing options...
Fadion Posted August 28, 2007 Share Posted August 28, 2007 Above is the new code you suggested using the md5 hashing Yes, and it worked? If not then consider also what chronister said. We can smash our eyes on your code but we are the only one who can really fix it and debuging each part of it to isolate the problem is the best way. Quote Link to comment Share on other sites More sharing options...
dennismonsewicz Posted August 28, 2007 Author Share Posted August 28, 2007 PROBLEMED SOLVED! I forgot to add the db_login.php to the includes folder! LOL! Thanks for your help bud! Quote Link to comment Share on other sites More sharing options...
chronister Posted August 28, 2007 Share Posted August 28, 2007 that'll do it Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.