cfgcjm Posted January 21, 2008 Share Posted January 21, 2008 Working on this login script and it's running but even if i put a valid username and passwrod in it sends me to the rejection page. Anyone see any issues? <?php /* Login Script */ require ('mysql.php'); session_start(); if (isset ($_POST['submit'])) { // Check to see if the form has been submitted $username = $_POST['username']; $password = md5 ($_POST['password']); // we MD5 encrypted the password at registration, // so we must do this on the login as well // See if the user exists $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'"; if ($r = mysql_query ($sql)) { $row = mysql_fetch_array ($r); $num = mysql_num_rows ($r); if ($num > 0) { // if there is a row with that username/password, the user exists // Now we can assign some SESSIONS, so we can verify on later pages that the user is "logged in" $_SESSION['users_id'] = $row['users_id']; $_SESSION['username'] = $row['username']; $_SESSION['loggedin'] = TRUE; // This is where we will check to see if the user is logged in header("Location:home.php"); exit; } else { // User does not exist header("location:reject.php"); exit; } } else { // The query failed print 'ERROR : Connection Not Established'; // print the MySQL error exit; } } ?> Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/ Share on other sites More sharing options...
sstangle73 Posted January 21, 2008 Share Posted January 21, 2008 u get any errors? error_reporting(E_ALL); and put in the else and comment out the other lines just to see whats happening. die(mysql_error()); Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444824 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 I dont know if i'm sure i put those error calls in the right place because i didn't get anything Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444826 Share on other sites More sharing options...
sstangle73 Posted January 21, 2008 Share Posted January 21, 2008 try this: $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'"; if ($r = mysql_query ($sql)) { $row = mysql_fetch_array ($r); $num = mysql_num_rows ($r); if ($num > 0) { // if there is a row with that username/password, the user exists // Now we can assign some SESSIONS, so we can verify on later pages that the user is "logged in" $_SESSION['users_id'] = $row['users_id']; $_SESSION['username'] = $row['username']; $_SESSION['loggedin'] = TRUE; // This is where we will check to see if the user is logged in header("Location:home.php"); exit; } else { die(mysql_error()); } Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444829 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 i adapted it into my code like this: <?php require ('mysql.php'); session_start(); if (isset ($_POST['submit'])) { // Check to see if the form has been submitted $username = $_POST['username']; $password = md5 ($_POST['password']); // we MD5 encrypted the password at registration, // so we must do this on the login as well $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'"; if ($r = mysql_query ($sql)) { $row = mysql_fetch_array ($r); $num = mysql_num_rows ($r); if ($num > 0) { // if there is a row with that username/password, the user exists // Now we can assign some SESSIONS, so we can verify on later pages that the user is "logged in" $_SESSION['users_id'] = $row['users_id']; $_SESSION['username'] = $row['username']; $_SESSION['loggedin'] = TRUE; // This is where we will check to see if the user is logged in header("Location:home.php"); exit; }}} else { die(mysql_error()); } ?> and got nothing but a blank white screen Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444833 Share on other sites More sharing options...
sstangle73 Posted January 21, 2008 Share Posted January 21, 2008 scratch that i dont think im doign that right anyway. haha try doing a sql query to get the data that relates to the username <?php $query="SELECT * FROM users WHERE username = '$username' LIMIT 1"; $result=mysql_query($query); while($array=mysql_fetch_assoc($result)){ $dbpassword = $array['password'] } if($password == $dbpassword){ continue } else { bla bla bla ?> Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444835 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 i had to change your code around cause it was giving me a whole load of syntax errors but i changed it to this and got a yes returned: <?php require ('mysql.php'); $query="SELECT * FROM users WHERE username = '$username' LIMIT 1"; $result=mysql_query($query); while($array=mysql_fetch_assoc($result)){ $dbpassword = $array['password']; } if($password == $dbpassword){ print'yes';} else { print'bla bla bla'; } ?> Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444837 Share on other sites More sharing options...
sstangle73 Posted January 21, 2008 Share Posted January 21, 2008 heh that wasnt a final code i ment for you to adapt that haha but so it working now? Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444838 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 yeah but if i type in a bogus username or password it still returns yes Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444839 Share on other sites More sharing options...
sstangle73 Posted January 21, 2008 Share Posted January 21, 2008 set the post data to be something other then $password like try it as $userpass dont forget to change if($password == $dbpassword){ to if($userpass == $dbpassword){ Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444840 Share on other sites More sharing options...
mmarif4u Posted January 21, 2008 Share Posted January 21, 2008 Try like this: <?php require ('mysql.php'); $query="SELECT * FROM users WHERE username = '$username' LIMIT 1"; $result=mysql_query($query); if(mysql_num_rows($result)>0){ $array=mysql_fetch_object($result); $dbpassword = $array['password']; if($password == $dbpassword){ echo 'yes';} else { echo 'bla bla bla'; } } ?> Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444841 Share on other sites More sharing options...
pdkv2 Posted January 21, 2008 Share Posted January 21, 2008 First of all fry to echo $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'"; and see what query you get and is it working on the mysql also. And also check with the register_globals directive in the php.ini file, if it is on then it might be possible that your $password variable is pointing to the password entered by the user (not the one which you encrypted by md5). Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444848 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 firstly, pdkv2, my apologies but i have no clue what you said even means. I'm pretty new to php... mmarif4u, that just gives me a white screen Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444862 Share on other sites More sharing options...
mmarif4u Posted January 21, 2008 Share Posted January 21, 2008 Please post ur updated code. Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444865 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 I'm with sstangle73 on AIM so it's changing but right now it's <?php include("mysql.php"); session_start(); error_reporting(E_ALL); if(isset($_POST['submit'])){ $username = $_POST['username']; $userpass = md5($_POST['password']); $query="SELECT * FROM users WHERE username = '$userpass' LIMIT 1"; $result=mysql_query($query) or die(mysql_error()); if(mysql_num_rows($result)>0){ $array=mysql_fetch_array($result); $dbpassword = $array[password]; } if($userpass == $dbpassword){ echo "Pass"; } else { echo "Fail" . $password . "," . $dbpassword . "," . $userpass . "," . $username; } } else { echo "You Must Fill Out The Form"; } ?> Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444867 Share on other sites More sharing options...
mmarif4u Posted January 21, 2008 Share Posted January 21, 2008 can u show us the form. from where the username and password is coming. Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444870 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 http://digiconmediagroup.com/Homeplate/portal/ Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444877 Share on other sites More sharing options...
mmarif4u Posted January 21, 2008 Share Posted January 21, 2008 It says Fail,if i enter wrong input. I think its working. Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444882 Share on other sites More sharing options...
sstangle73 Posted January 21, 2008 Share Posted January 21, 2008 i figured it out it was always saying fail. so it ended up being that his pw field in his db was only 20 char long so the md5 was getting cut off so the new md5 and the db one didnt match Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444887 Share on other sites More sharing options...
cfgcjm Posted January 21, 2008 Author Share Posted January 21, 2008 'tis the sad truth...not very exciting. Thanks again steven Link to comment https://forums.phpfreaks.com/topic/86991-solved-login-script/#findComment-444890 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.