akrin03 Posted February 7, 2008 Share Posted February 7, 2008 Hello I'm having a problem with my login script. When the player 'registers', the information is added to the database but when they attempt to login they get the error message .. "Wrong username or password" I cheched the username/password and they are correct ... There is the code for the files If you want, please visit my website and attempt to register login, etc. http://jwar.lmninfo.com/jwar authenticate.php below: <?php include "connect.php"; if (isset($_POST['submit'])) // name of submit button { $player=$_POST['player']; $password=$_POST['password']; $player=strip_tags($player); $password=md5($password); $query = "select * from pfile where playername='$player' and password='$password'"; $result = mysql_query($query) or die("No te Gusta"); $result2=mysql_fetch_array($result); if($result2) { session_start(); $_SESSION['player']=$player; print "logged in successfully<br><br>"; print "<A href='index.php'>Taking you to game...</a>"; } else { print "Wrong username or password or non-activated account."; } } connect.php (connect to database: some username/password removed for security reasons <? parse_str("$QUERY_STRING"); $db = mysql_connect("", "", "") or die("Could not connect."); if(!$db) die("no db"); if(!mysql_select_db("",$db)) die("No database selected."); if(!get_magic_quotes_gpc()) { $_GET = array_map('mysql_real_escape_string', $_GET); $_POST = array_map('mysql_real_escape_string', $_POST); $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE); } else { $_GET = array_map('stripslashes', $_GET); $_POST = array_map('stripslashes', $_POST); $_COOKIE = array_map('stripslashes', $_COOKIE); $_GET = array_map('mysql_real_escape_string', $_GET); $_POST = array_map('mysql_real_escape_string', $_POST); $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE); } ?> login.php <?php session_start(); if(isset($_SESSION['player'])) { session_destroy(); } ?> <html> <form method="POST" action="authenticate.php"> Type Username Here: <input type="text" name="player" size="15"><br> Type Password Here: <input type="password" name="password" size="15" mask="x"><br> <input type="submit" value="submit" name="submit"><br><br> Not registered? Please <A href='register.php'>Register</a><br><br> Forgot password? <A href="getpass.php">Get Password</a><br><br> Be sure to actually hit the "login" button when you login, hitting enter on the keyboard will not work, sorry.<br><br> </form> </html> register.php <html> <form method="post" action="reguser.php"> Username: <input type="text" name="player" size="15"><br> Password: <input type="text" name="password" size="15"><br> Retype password: <input type="text" name="pass2" size="15"><br> E-mail: <input type="text" name="email" size="20"><br> <input type="submit" value="submit"> </form> </html> reguser.php <?php include "connect.php"; $path=""; $player=$_POST['player']; $password=$_POST['password']; $pass2=$_POST['pass2']; $player=strip_tags($player); $email=$_POST['email']; $email=strip_tags($email); $empirename=$_POST['player']; $empirename=strip_tags($empirename); if ($password==$pass2) { $isplayer="SELECT * from pfile where playername='$player'"; $isplayer2=mysql_query($isplayer) or die("Could not query players table"); $isplayer3=mysql_fetch_array($isplayer2); if(!$_POST['password'] || !$_POST['pass2']) { print "You did not enter a password"; } else if($isplayer3 || strlen($player)>15 || strlen($player)<1) { print "There is already a player of that name or the name you specified is over 15 letters or less than 1 letter"; } else { $isaddress="SELECT * from pfile where email='$email'"; $isaddress2=mysql_query($isaddress) or die("not able to query for password"); $isaddress3=mysql_fetch_array($isaddress2); if($isaddress3) { print "There is already a player with that e-mail address"; } else { $password=md5($password); $date=round(date("U")/1000); srand($date); $thekey=rand(1,100000000); $thekey=md5($thekey); $SQL = "INSERT into pfile(playername, password, email, empirename, pturns, ghost, citizens, morale, health, homeless, bturns) VALUES ('$player','$password', '$email','$empirename','10','20', '1000', '100', '100', '0', '0')"; mysql_query($SQL) or die("could not register"); print "registration successful. You have been sent an activation key.<br>"; print "Click here to <A href='login.php'>Login</a>"; } } } else { print "You suck, your passwords didn't match or you did not enter a password"; } ?> Quote Link to comment Share on other sites More sharing options...
phpSensei Posted February 7, 2008 Share Posted February 7, 2008 try <?php session_start(); // HAS TO BE ON TOP OF THE PAGE include "connect.php"; if (isset($_POST['submit'])) // name of submit button { $player=$_POST['player']; $password=$_POST['password']; $player=strip_tags($player); $password=md5($password); $query = "select * from pfile where playername='$player' and password='$password'"; $result = mysql_query($query) or die("No te Gusta"); $result2=mysql_fetch_array($result); if(mysql_num_rows($results)>0) { $_SESSION['player']=$player; print "logged in successfully<br><br>"; print "<A href='index.php'>Taking you to game...</a>"; } else { print "Wrong username or password or non-activated account."; } } Quote Link to comment Share on other sites More sharing options...
akrin03 Posted February 8, 2008 Author Share Posted February 8, 2008 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/jwar.lmninfo.com/jwar/authenticate.php on line 15 Wrong username or password or non-activated account. Quote Link to comment Share on other sites More sharing options...
revraz Posted February 8, 2008 Share Posted February 8, 2008 That means the username and/or pw you use for your MySQL DB is wrong. Quote Link to comment Share on other sites More sharing options...
akrin03 Posted February 8, 2008 Author Share Posted February 8, 2008 It was because of the MD5 encoded password, for some reason the login script wasn't decoding the MD5 passwordand allowing the user to login but now that has been fixed, though I had to remove the MD5 encoding. I know how to encode the password, how do you tell the login script to read the MD5 encoded password? Thanks again Quote Link to comment Share on other sites More sharing options...
revraz Posted February 8, 2008 Share Posted February 8, 2008 You compare the encoded PW to the one stored in the db. So anytime you send a request to the DB, you use MD5 before the PW. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted February 8, 2008 Share Posted February 8, 2008 You Md5 the password they registered with, and everytime they try to log in, you take the password they try to log in with, md5 it, and see if the md5'ed password they registered with is matching the one in they are trying to log in with. As Revraz Said... Quote Link to comment Share on other sites More sharing options...
phpSensei Posted February 8, 2008 Share Posted February 8, 2008 Sorry cant modify post: Example: Password I am Trying to Log in With is: Hello Now I take the Password and Md5 it: 9u4329u40u433240u2340u3 (not an actual md5 hash) Now You take the Username of the Login Field, Get that Users Password, and Compare it With the Login Password. 9u4329u40u433240u2340u3 (Hello Hash) != 9u434324324324324324243 (Registered Password) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.