[SOLVED] Login Script

cfgcjm · January 21, 2008

Working on this login script and it's running but even if i put a valid username and passwrod in it sends me to the rejection page. Anyone see any issues?

<?php
/* Login Script */
require ('mysql.php');
session_start();

if (isset ($_POST['submit'])) { // Check to see if the form has been submitted
$username = $_POST['username'];
$password = md5 ($_POST['password']); // we MD5 encrypted the password at registration, 
									  // so we must do this on the login as well

// See if the user exists
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
if ($r = mysql_query ($sql)) {
	$row = mysql_fetch_array ($r);
	$num = mysql_num_rows ($r);

	if ($num > 0) { // if there is a row with that username/password, the user exists
		// Now we can assign some SESSIONS, so we can verify on later pages that the user is "logged in"
		$_SESSION['users_id'] = $row['users_id'];
		$_SESSION['username'] = $row['username'];
		$_SESSION['loggedin'] = TRUE; // This is where we will check to see if the user is logged in
		header("Location:home.php");
		exit;

	} else {
		// User does not exist
		header("location:reject.php");
		exit;
	}
} else {
	// The query failed
	print 'ERROR : Connection Not Established'; // print the MySQL error
	exit;
}
}
?>

sstangle73 · January 21, 2008

u get any errors?

error_reporting(E_ALL);

and put

in the else and comment out the other lines just to see whats happening.

die(mysql_error());

cfgcjm · January 21, 2008

I dont know if i'm sure i put those error calls in the right place because i didn't get anything

sstangle73 · January 21, 2008

try this:

$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
if ($r = mysql_query ($sql)) {
	$row = mysql_fetch_array ($r);
	$num = mysql_num_rows ($r);

	if ($num > 0) { // if there is a row with that username/password, the user exists
		// Now we can assign some SESSIONS, so we can verify on later pages that the user is "logged in"
		$_SESSION['users_id'] = $row['users_id'];
		$_SESSION['username'] = $row['username'];
		$_SESSION['loggedin'] = TRUE; // This is where we will check to see if the user is logged in
		header("Location:home.php");
		exit;

	} else {
die(mysql_error());
	}

cfgcjm · January 21, 2008

i adapted it into my code like this:

<?php
require ('mysql.php');
session_start();
if (isset ($_POST['submit'])) { // Check to see if the form has been submitted
$username = $_POST['username'];
$password = md5 ($_POST['password']); // we MD5 encrypted the password at registration, 
									  // so we must do this on the login as well
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
if ($r = mysql_query ($sql)) {
	$row = mysql_fetch_array ($r);
	$num = mysql_num_rows ($r);

	if ($num > 0) { // if there is a row with that username/password, the user exists
		// Now we can assign some SESSIONS, so we can verify on later pages that the user is "logged in"
		$_SESSION['users_id'] = $row['users_id'];
		$_SESSION['username'] = $row['username'];
		$_SESSION['loggedin'] = TRUE; // This is where we will check to see if the user is logged in
		header("Location:home.php");
		exit;

	}}} else {
die(mysql_error());
}		
?>

and got nothing but a blank white screen

sstangle73 · January 21, 2008

scratch that i dont think im doign that right anyway. haha

try doing a sql query to get the data that relates to the username

<?php 
$query="SELECT * FROM users WHERE username = '$username' LIMIT 1"; 
$result=mysql_query($query); 
while($array=mysql_fetch_assoc($result)){
$dbpassword = $array['password']
}
if($password == $dbpassword){
continue
} else {
bla bla bla

?>

cfgcjm · January 21, 2008

i had to change your code around cause it was giving me a whole load of syntax errors but i changed it to this and got a yes returned:

<?php 
require ('mysql.php');
$query="SELECT * FROM users WHERE username = '$username' LIMIT 1"; 
$result=mysql_query($query); 
while($array=mysql_fetch_assoc($result)){
$dbpassword = $array['password'];
}
if($password == $dbpassword){
print'yes';} else {
print'bla bla bla';
}
?>

sstangle73 · January 21, 2008

heh that wasnt a final code i ment for you to adapt that haha but so it working now?

cfgcjm · January 21, 2008

yeah but if i type in a bogus username or password it still returns yes

sstangle73 · January 21, 2008

set the post data to be something other then $password like try it as $userpass

dont forget to change

if($password == $dbpassword){

to

if($userpass == $dbpassword){

mmarif4u · January 21, 2008

Try like this:

<?php 
require ('mysql.php');
$query="SELECT * FROM users WHERE username = '$username' LIMIT 1"; 
$result=mysql_query($query);
if(mysql_num_rows($result)>0){
$array=mysql_fetch_object($result);
$dbpassword = $array['password'];

if($password == $dbpassword){
echo 'yes';} else {
echo 'bla bla bla';
}
}
?>

pdkv2 · January 21, 2008

First of all fry to echo

$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";

and see what query you get and is it working on the mysql also.

And also check with the register_globals directive in the php.ini file, if it is on then it might be possible that your $password variable is pointing to the password entered by the user (not the one which you encrypted by md5).

cfgcjm · January 21, 2008

firstly, pdkv2, my apologies but i have no clue what you said even means. I'm pretty new to php...

mmarif4u, that just gives me a white screen

mmarif4u · January 21, 2008

Please post ur updated code.

cfgcjm · January 21, 2008

I'm with sstangle73 on AIM so it's changing but right now it's

<?php
include("mysql.php");
session_start();
error_reporting(E_ALL);
if(isset($_POST['submit'])){ 
  
$username = $_POST['username'];
$userpass = md5($_POST['password']); 
  
$query="SELECT * FROM users WHERE username = '$userpass' LIMIT 1"; 
$result=mysql_query($query) or die(mysql_error()); 
if(mysql_num_rows($result)>0){
$array=mysql_fetch_array($result);
$dbpassword = $array[password];
}
if($userpass == $dbpassword){
echo "Pass";
} else {
echo "Fail" . $password . "," . $dbpassword . "," . $userpass . "," . $username; 
  
}
} else {
echo "You Must Fill Out The Form";
}
?>

mmarif4u · January 21, 2008

can u show us the form.

from where the username and password is coming.

cfgcjm · January 21, 2008

http://digiconmediagroup.com/Homeplate/portal/

mmarif4u · January 21, 2008

It says Fail,if i enter wrong input.

I think its working.

sstangle73 · January 21, 2008

i figured it out it was always saying fail. so it ended up being that his pw field in his db was only 20 char long so the md5 was getting cut off so the new md5 and the db one didnt match

cfgcjm · January 21, 2008

'tis the sad truth...not very exciting.

Thanks again steven

Sign In

[SOLVED] Login Script

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information