My login doesn't work!

[Xyphon]

<?PHP

// Connects to your Database

include('Connect.php');

 

$submit= $_POST['submit'];

 

//Body Settings

echo "<center><font color='#AFAFAF' face='verdana' size='1'>";

 

//If User Is Logged In

if(isset($_COOKIE['UserID']))

{

//Display Message

echo "Sorry, you are already logged in. Click <a href='index.php'>Here</a> to go back.";

 

//Exit Page

exit;

}

 

//If Form Is Submitted

if($submit)

{

// Checks if pass/user exists

$_POST['username'] = addslashes($_POST['username']);

$usercheck = $_POST['username'];

$_POST['password'] = addslashes($_POST['password']);

$passcheck = $_POST['password'];

$Result1= mysql_query("SELECT * FROM users WHERE username='$usercheck' AND password='$passcheck'");

$Rows1= mysql_fetch_array($Result1);

$Rows2= mysql_fetch_array($Result2);

 

 

if($Rows1==0)

{

echo "Invalid Username/password.";

exit;

}

 

$UserID= $Rows1['ID'];

 

setcookie("UserID", "$UserID", time()+9999999);

 

echo "You have successfully logged in.<br /><br /><a href='index.php'>Continue</a>";

}

//If Form Isn't Submitted

else

{

echo "

<form method='POST'>

<input type='hidden' name='submit' value='1'>

 

<b>Username</b><br />

<input type=\"text\" name=\"username\" maxlength=\"30\">

<br /><br />

<b>Password</b><br />

<input type=\"password\" name=\"password\" maxlength=\"25\">

<br /><br />

<input type='submit' value='Sign In' onclick=\"this.disabled='true'; this.value='Please Wait...'; this.form.submit();\">

</form>";

}

 

?>

 

 

 

The error is no matter what I type in, even if it's valid, it says invalid user/password.

[marcus]

<?php
// Connects to your Database
include ('Connect.php');

$submit = $_POST['submit'];

//Body Settings
echo "<center><font color='#AFAFAF' face='verdana' size='1'>";

//If User Is Logged In
if (isset($_COOKIE['UserID'])) {
    //Display Message
    echo "Sorry, you are already logged in. Click <a href='index.php'>Here[/url] to go back.";

    //Exit Page
    exit;
}

//If Form Is Submitted
if ($submit) {
    // Checks if pass/user exists
    $_POST['username'] = addslashes($_POST['username']);
    $usercheck = $_POST['username'];
    $_POST['password'] = addslashes($_POST['password']);
    $passcheck = $_POST['password'];
    $Result1 = mysql_query("SELECT * FROM users WHERE username='$usercheck' AND password='$passcheck'");
    $Rows1 = mysql_fetch_array($Result1);
    $Rows2 = mysql_fetch_array($Result2);


    if (mysql_num_rows($Result1) == 0) {
        echo "Invalid Username/password.";
        exit;
    }

    $UserID = $Rows1['ID'];

    setcookie("UserID", "$UserID", time() + 9999999);

    echo "You have successfully logged in.

<a href='index.php'>Continue</a>";
}
//If Form Isn't Submitted
else {
    echo "
<form method='POST'>
<input type='hidden' name='submit' value='1'>

Username

<input type=\"text\" name=\"username\" maxlength=\"30\">



Password

<input type=\"password\" name=\"password\" maxlength=\"25\">



<input type='submit' value='Sign In' onclick=\"this.disabled='true'; this.value='Please Wait...'; this.form.submit();\">
</form>";
}

?>

 

mysql_num_rows

[Xyphon]

Thank you.. But now it says

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/ptcrpg.awardspace.com/login.php on line 28

Invalid Username/password.

 

I am a big noob, and I have trouble with errors. Do you know what else is wrong?

[marcus]

Just remove the line that has $Row2

[Xyphon]

I figured it on myself, but it still says invalid.

[trq]

Then its simply not finding a matching record. Are you passwords md5'd?

[marcus]

Try just doing:

 

$usercheck = addslashes($_POST['username']);
$passcheck = addslashes($_POST['password']);

 

When a user registers does their password get encrypted?

[Xyphon]

Yes it does

[lemmin]

Looks like you guys are right, he needs to get a hash. Just thought I would add that it shouldn't matter if he uses mysql_num_rows or not because comparing it to 0 will check if the array is NULL or not.

[Xyphon]

So I should put back empty?

[marcus]

$passcheck = md5($passcheck);

[Xyphon]

$passcheck = md5($passcheck);

I replace usercheck and passcheck with that? I dont understand how to put the variable inside itself..

[marcus]

Lol no.

 

$usercheck = addslashes($_POST['username']);
$passcheck = md5(addslashes($_POST['password']));

[Xyphon]

Thanks, but now theres soemthing wrong wiht my cookie

Warning: Cannot modify header information - headers already sent by (output started at /home/www/ptcrpg.awardspace.com/login.php: in /home/www/ptcrpg.awardspace.com/login.php on line 35

 

My friend had the same problem so he used sessions, but cookies are easier.

[marcus]

To save some time just use a buffering method.

 

<?php
ob_start();

// your code

ob_end_flush();
?>

[Xyphon]

Thank you, Im now logged in Now to reset my database..

[Xyphon]

Oops, something else wrong.. It doesnt work on internet, only on firefox O.O

[revraz]

This line is wrong as well

 

echo "Sorry, you are already logged in. Click <a href='index.php'>Here[/url] to go back.";

 

[/url]

 

is bbcode, you need a

</a>

[Xyphon]

I know, my friend was adding a few lines, and used URL for some reason. Anyways, thats fixed.. Why does it only work on firefox?