My Login Script

[forumnz]

Oh dear. Running into problems today...

 

How is this wrong?

 

if(count($_POST)>0)
{
           $username=$_POST["username"];
           $password=$_POST["password"];
	   $password=md5($password);
           $sql="SELECT * FROM members
                    WHERE
                    username=\"$username\" 
                    AND 
                    password=\"$password\"";
            $rs=mysql_query($sql);               //execute the query
            if(mysql_num_rows($rs)==1) {
                    echo "Well done!";
            } 
            else{
                   //invalid username of password
                  //redirect to login page
                  header("Location: login.php");
            }
}

 

Thanks,

Sam.

[darkfreaks]

what is the errors you get?

[forumnz]

It doesnt log me in.

I just go back to the login.php page.

 

I think it might be to do with the MD5?

[darkfreaks]

it doesnt log you in because you are telling it else redirect to login.php if successful.

 

 

try

 

<?php

}else{

if(mysql_num_rows($rs)==0) {

//invalid username of password
                  //redirect to login page
                  header("Location: login.php"); } ?>

[forumnz]

Huh?

 

OK I changed it, but now if I try to login with any random user and pass, it lets me?

[darkfreaks]

that is because you need to check for the username and password in the database

 

http://www.phpeasystep.com/workshopview.php?id=6

 

this is what you need.

[forumnz]

Ahh! This is hard. Ok I'll start from scratch. Do you know of any good web tutorials?

[darkfreaks]

the one i posted above?

[forumnz]

Ok then.

 

Right, what should I do then. This is the current code below. I get error : Parse error: syntax error, unexpected $end in /usr/local/www/vhosts/bidbuddy.co.nz/httpdocs/login2.php on line 37

 

if(count($_POST)>0)
{
           $username=$_POST["username"];
           $password=$_POST["password"];
	   $password=md5($password);
           $sql="SELECT * FROM members
                    WHERE
                    username=\"$username\" 
                    AND 
                    password=\"$password\"";
            $rs=mysql_query($sql);               //execute the query
            if(mysql_num_rows($rs)==1) {
                    echo "Well done!";
            }else{

if(mysql_num_rows($rs)==0) {

//invalid username of password
                  //redirect to login page
                  header("Location: login.php"); }

 

Thanks.

[darkfreaks]

were missing a closing bracket tell me what you get now:

 

<?php
if(count($_POST)>0)
{
           $username=$_POST["username"];
           $password=$_POST["password"];
	   $password=md5($password);
           $sql="SELECT * FROM members
                    WHERE
                    username=\"$username\" 
                    AND 
                    password=\"$password\"";
            $rs=mysql_query($sql);               //execute the query
            if(mysql_num_rows($rs)==1) {
                    echo "Well done!";
            }else{

if(mysql_num_rows($rs)==0) {

//invalid username of password
                  //redirect to login page
                  header("Location: login.php"); }
    }
?>

[forumnz]

I get the same error.

[darkfreaks]

<?php
if(count($_POST)>0)
{
           $username=$_POST["username"];
           $password=$_POST["password"];
	   $password=md5($password);
           $sql="SELECT * FROM members
                    WHERE
                    username=\"$username\" 
                    AND 
                    password=\"$password\"";
            $rs=mysql_query($sql);               //execute the query
            if(mysql_num_rows($rs)==1) {
                    echo "Well done!";
            }else{

if(mysql_num_rows($rs)==0) {

//invalid username of password
                  //redirect to login page
                  header("Location: login.php"); }
    }
}
?>

[forumnz]

Ok no error this time but it goes back to login.php

 

help?

[darkfreaks]

is the user and pass in the database? because if not it will redirect.

[forumnz]

Hi yes it is.

 

Username and password are both there and the password is MD5...

[darkfreaks]

dont think this will help but try puting souble quotes around the numbers like =="0"

[forumnz]

Hang on..... got it!!

 

Now i just need it to set a cookie.

 

I will try that myself.

 

Should I use cookies or sessions?

[darkfreaks]

LOL i was about to say you should set a session before anything 

[LemonInflux]

I would say sessions. Less people think sessions contain viruses.

[darkfreaks]

sessions are more secure and cant be hijacked as easily

[forumnz]

I dolnt really know about sessions.

 

Can they last for a certain amount of time, hold uid, etc?

 

Sam.

[darkfreaks]

use session_register and session_destroy

 

and yes they can hold about anything just like cookies

[forumnz]

So I should register a session instead of it echoing "Well done!"?

 

[darkfreaks]

google  PHP login tutorials with sessions this might help more.

[rarebit]

http://www.tizag.com/phpT/phpsessions.php