timmah1 Posted February 15, 2008 Share Posted February 15, 2008 Can anybody tell me why this won't login, regardless if the info is right or not? It constantly says "Incorrect Login" I cannot find my error anywhere <?php session_start(); require("config.php"); require("functions.php"); $db = mysql_connect($dbhost, $bduser, $dbpassword); mysql_select_db($dbdatabase, $db); if($_POST['submit']) { $sql = "SELECT * FROM users WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "';"; $result = mysql_query($sql); $numrows = mysql_num_rows($result); if($numrow == 1) { $row = mysql_fetch_assoc($result); if($row['active'] == 1) { session_register("USERNAME"); session_register("USERID"); $_SESSION['USERNAME'] = $row['username']; $_SESSION['USERID'] = $row['id']; switch($_GET['ref']) { case "addbid": header("Location: " . $config_basebir . "/itemdetails.php?id=" . $_GET['id'] . "#bidbox"); break; case "newitem": header("Location: " . $config_basedir . "/newitem.php"); break; case "images": header("Location: " . $config_basedir . "/addimages.phpid=" . $_GET['id']); break; default: header("Location: " . $config_basedir); break; } } else { require("header.php"); echo "<font color='#FF0000'>This account is not yet verified. You were emailed a link to verify the account. Please click on the link in the email to continue.</font>"; } } else { header("Location: " . $config_basedir . "login.php?error=1"); } } else { require("header.php"); echo "<h1>L ogin</h1>"; if($_GET['error']) { echo "<font color='#FF0000'>Incorrect login, please try again!</font>"; } ?> <form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post"> <table> <tr> <td>Username:</td> <td><input type="text" name="username"></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="password"></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" value="Login!"></td> </tr> </table> </form> Don't have an account? Go and <a href="register.php">Register</a>! <?php } require("footer.php"); ?> Thanks in advance Quote Link to comment Share on other sites More sharing options...
mem0ri Posted February 15, 2008 Share Posted February 15, 2008 Sounds a lot like what happens to me when I'm encoding (through md5 or other encoding) a password on account creation but then forget to encode the $_POST[] result on login... ...is the password encoded on your database? Also...instead of if ($numrows == 1) try if($numrows != FALSE) Quote Link to comment Share on other sites More sharing options...
timmah1 Posted February 15, 2008 Author Share Posted February 15, 2008 For this no, the passwords are not encrypted Quote Link to comment Share on other sites More sharing options...
timmah1 Posted February 15, 2008 Author Share Posted February 15, 2008 Found the problem I had if ($numrow == 1) when it should have been if ($numrows == 1) Quote Link to comment Share on other sites More sharing options...
cyrixware Posted February 15, 2008 Share Posted February 15, 2008 Or you can try this one.. <? session_start(); ?> <form method=post action="login.php"> <div align="center"> <table> <tr> <td><div align="left"><font color="#000066" size=2 face=Verdana>Username</font></div></td> <td><div align="left"> <input type="text" name="username" class="textBox"> </div></td> <td><div align="left"> <input type="Submit"sss name="Submit" value=Login> </div></td> </tr> <tr> <td><div align="left"><font color="#000066" size=2 face=Verdana>Password</font></div></td> <td><div align="left"> <input type="password" name="passwrd" class="textBox"> </div></td> <td><div align="left"> <input name="Reset" type=Reset value=Clear> </div></td> </tr> <tr> <td></td> <td> </td> <td> </td> </tr> </table> </div> </form> <? if($_REQUEST['Submit'] == "Login") { $username = $_REQUEST['username']; $passwrd = $_REQUEST['passwrd']; include("../connDB.php"); $sql = "SELECT * FROM admin WHERE Username = '$username' AND Password = '$passwrd'"; if(!$q = mysql_query($sql)) { die(mysql_error()); } elseif(mysql_num_rows($q) == 0) { echo "<font size=2 face=Verdana color=red><b>Invalid Username or Password!</b></font><br>"; echo "<font size=2 face=verdana color=red><b>Try Again</b></font>"; } else { $r = mysql_fetch_assoc($q); $TID = '1'; $session_id = md5(date("Y-m-d H:i:s") . $TID); $sql1 = "UPDATE admin SET SessionID= '$session_id' WHERE Type = '$TID'"; if(!$q1 = mysql_query($sql1)) { die(mysql_error()); } elseif(mysql_affected_rows() == 0) { echo "<font size=2 face=Verdana color=red>Failed to create session id!</font>"; } else { $_SESSION['session_id'] = $session_id; } } $session_id = $_SESSION['session_id']; if($session_id != null && $session_id != "") { ?> <script language=JavaScript> win = window.open('admin.php?ID=<?=$session_id;?>','_self') </script> <? } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.