login problem

[chris_rulez001]

hi, this is my login function, when i try to login with my login details it says that they are invalid.

 

the code isnt communicating with my database, i looked at the query and it looks ok to me.

 

can someone help me please?

 

function logging_in()
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

if (empty($username) || empty($password))
{
echo "You havent filled all the required fields<br/><br/><a href='javascript:history.go(-1)'>Go Back</a>";
}
else
{
mysql_connect("localhost", "***", "***")or die("cannot connect");
mysql_select_db("***")or die("cannot select DB");

$query = "SELECT * FROM forumusers WHERE username='$username' AND password='$password'";
$result = mysql_query($query) OR DIE("error: ".mysql_error());
mysql_close();
if (mysql_num_rows($result) > 0) {
$r = mysql_fetch_assoc($result);

$user = $r["username"];
$pass = $r["password"];
if ($username == $user && $password == $pass) {
$loggedin = TRUE;
$_SESSION["username"] = $username;
$_SESSION["access_level"] = $r["access_level"];
$_SESSION["logged_in"] = 1;
echo "Sucessfully Logged In<br/><br/><a href='index.php'>Home</a>";
}
} else {
$loggedin = FALSE;
echo "Invalid Username And Password<br/><br/><a href='javascript:history.go(-1)'>Go Back</a>";
}
}
}

[cry of war]

Are you hosting your own website your using a Host?

[cooldude832]

change

<?php
$result = mysql_query($query) OR DIE("error: ".mysql_error());
?>

to

<?php
$result = mysql_query($query) or die (mysql_error()."<br /><br />".$query);
?>

 

Then go into phpmyadmin (or your sql manager) and run that sql query outputted (if it errors) in there to verify that your data is correct.

 

You don't need the

<?php
$user = $r['username'];
$pass = $r['password'];
?>

because you already verified it by saying

<?php
if(mysql_num_rows($result)>0){
?>

the $loggededin = TRUE is pointless also

 

also don't see a session_start(); on the page to initialize sessions

 

just a few things I saw

[Agricola]

you can not use the $_POST within the function, you need to pass the values to the function when you call it

 

start your function as

function logging_in($username,$password){

 

delete the next  lines

$username = mysql_real_escape_string($_POST['username']);

 

EDIT: you need to convert to md5

$password = md5(mysql_real_escape_string($password));

call the function like so

 

<?php

logging_in($_POST['username'],$_POST['password']);
?>

[cooldude832]

you can not use the $_POST within the function, you need to pass the values to the function when you call it

 

Super globals are modifiable and accessable inside functions declared globals such as

<?php
$hi = "Hello World.";
function do_text(){
echo $hi;
}
do_text();
?>

That will fail but say $_POST['hi'] = "Hello World.";

<?php
function do_text(){
echo $_POST['hi'];
}
do_text();
?>

That will work because you can get to superglobals of $_REQUEST, $_SESSION, $_POST, $_GET

[chris_rulez001]

i have checked in phpmyadmin, i have run my query and no errors occured, i have done the changes: removed $loggedin = true; and the other things. but still no change it still says Invalid username or password.

 

whats wrong with my code? ???

[cooldude832]

so you are saying it gets to the

else (i.e mysql_num_rows($r) !> 0) 

 

if phpmyadmin runs that $query it shouldn't return >0 rows

 

right before $result add in echo $query and then take that and put it directly into phpmyadmin  and see if you get >0 rows

[chris_rulez001]

ive just been looking through my code and in the register code it didnt have mysql_real_escape_string() and i have added it and now it works, so really the problem was i was entering the real password but the code was reading it as something different.

[cooldude832]

when a query returns a 0 set but you think it shouldn't always echo out the query and verify it works in phpmyadmin.

[chris_rulez001]

thanks, ill remember that in future, thanks all for your help

[cooldude832]

just one other thing that I didn't say earlier, but have you looked into header("location: page.php"); to redirect instead of making ppl click links all the time?