chris_rulez001 Posted March 5, 2008 Share Posted March 5, 2008 hi, this is my login function, when i try to login with my login details it says that they are invalid. the code isnt communicating with my database, i looked at the query and it looks ok to me. can someone help me please? function logging_in() { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); if (empty($username) || empty($password)) { echo "You havent filled all the required fields<br/><br/><a href='javascript:history.go(-1)'>Go Back</a>"; } else { mysql_connect("localhost", "***", "***")or die("cannot connect"); mysql_select_db("***")or die("cannot select DB"); $query = "SELECT * FROM forumusers WHERE username='$username' AND password='$password'"; $result = mysql_query($query) OR DIE("error: ".mysql_error()); mysql_close(); if (mysql_num_rows($result) > 0) { $r = mysql_fetch_assoc($result); $user = $r["username"]; $pass = $r["password"]; if ($username == $user && $password == $pass) { $loggedin = TRUE; $_SESSION["username"] = $username; $_SESSION["access_level"] = $r["access_level"]; $_SESSION["logged_in"] = 1; echo "Sucessfully Logged In<br/><br/><a href='index.php'>Home</a>"; } } else { $loggedin = FALSE; echo "Invalid Username And Password<br/><br/><a href='javascript:history.go(-1)'>Go Back</a>"; } } } Quote Link to comment Share on other sites More sharing options...
cry of war Posted March 5, 2008 Share Posted March 5, 2008 Are you hosting your own website your using a Host? Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted March 5, 2008 Share Posted March 5, 2008 change <?php $result = mysql_query($query) OR DIE("error: ".mysql_error()); ?> to <?php $result = mysql_query($query) or die (mysql_error()."<br /><br />".$query); ?> Then go into phpmyadmin (or your sql manager) and run that sql query outputted (if it errors) in there to verify that your data is correct. You don't need the <?php $user = $r['username']; $pass = $r['password']; ?> because you already verified it by saying <?php if(mysql_num_rows($result)>0){ ?> the $loggededin = TRUE is pointless also also don't see a session_start(); on the page to initialize sessions just a few things I saw Quote Link to comment Share on other sites More sharing options...
Agricola Posted March 5, 2008 Share Posted March 5, 2008 you can not use the $_POST within the function, you need to pass the values to the function when you call it start your function as function logging_in($username,$password){ delete the next lines $username = mysql_real_escape_string($_POST['username']); EDIT: you need to convert to md5 $password = md5(mysql_real_escape_string($password)); call the function like so <?php logging_in($_POST['username'],$_POST['password']); ?> Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted March 5, 2008 Share Posted March 5, 2008 you can not use the $_POST within the function, you need to pass the values to the function when you call it Super globals are modifiable and accessable inside functions declared globals such as <?php $hi = "Hello World."; function do_text(){ echo $hi; } do_text(); ?> That will fail but say $_POST['hi'] = "Hello World."; <?php function do_text(){ echo $_POST['hi']; } do_text(); ?> That will work because you can get to superglobals of $_REQUEST, $_SESSION, $_POST, $_GET Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted March 5, 2008 Author Share Posted March 5, 2008 i have checked in phpmyadmin, i have run my query and no errors occured, i have done the changes: removed $loggedin = true; and the other things. but still no change it still says Invalid username or password. whats wrong with my code? ??? Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted March 5, 2008 Share Posted March 5, 2008 so you are saying it gets to the else (i.e mysql_num_rows($r) !> 0) if phpmyadmin runs that $query it shouldn't return >0 rows right before $result add in echo $query and then take that and put it directly into phpmyadmin and see if you get >0 rows Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted March 5, 2008 Author Share Posted March 5, 2008 ive just been looking through my code and in the register code it didnt have mysql_real_escape_string() and i have added it and now it works, so really the problem was i was entering the real password but the code was reading it as something different. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted March 5, 2008 Share Posted March 5, 2008 when a query returns a 0 set but you think it shouldn't always echo out the query and verify it works in phpmyadmin. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted March 5, 2008 Author Share Posted March 5, 2008 thanks, ill remember that in future, thanks all for your help Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted March 5, 2008 Share Posted March 5, 2008 just one other thing that I didn't say earlier, but have you looked into header("location: page.php"); to redirect instead of making ppl click links all the time? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.