Login Problem

[tecmeister]

I have created a register/login page on my web site.

But i having a problem to login.

It is saying:

 

Wrong Username or Password

 

Im using the password that it is giving me when i register.

This is the script that i have used:

 

<?php
session_start();
$_SESSION['logged_in']='yes';
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>NuRevolution - Check Login</title>
</head>

<body>



<?php

//Database Information

$dbhost = "localhost";
$dbname = "web88-**********";
$dbuser = "web88-**********";
$dbpass = "**********";

// Connect to server and select databse.
mysql_connect("$dbhost", "$dbname", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==4){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}



ob_end_flush();
?>


</body>
</html>

[GingerRobot]

Well, $username and $password are undefined. This line:

 

$sql="SELECT * FROM members WHERE username='$username' and password='$password'";

 

Should be:

 

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";

 

Are there really supposed to be 4 rows returned with the same username and password? Surely there should just be one matching row? In which case this:

 

if($count==4){

 

Should be:

 

if($count==1){

[tecmeister]

That is how i had it originally.

But it is still doing the same.

 

what else could it be saying that the username or password is wrong?

[GingerRobot]

Do some error checking on the query:

 

$sql="SELECT * FROM members WHERE username='$username' and password='$password'";
$result=mysql_query($sql) or die(mysql_error());
echo '<br />Query was:<br />'.$sql;

 

If that doesn't help you, post the updated code.

[tecmeister]

When i use the new script this is what comes up:

 

Query was:

SELECT * FROM members WHERE username='' and password=''Wrong Username or Password

 

Thanks for your help guru much appreciated.

[GingerRobot]

Sorry, thats partly my fault. You should be using $myusername and $mypassword, since those are the variables you defined. Try:

 

$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die(mysql_error());
echo '<br />Query was:<br />'.$sql;

 

If those variables are still empty, then there's a problem with your form. Check that the names of the fields are "username" and "password" respectively, and that the method is set to POST. Of course, keeping the names consistant rather than switching in between would make things easier.

[tecmeister]

Thanks alot mate, it work with a little bit of mine own editting.

 

Much appreciated again.

 

But i have another question for you:

 

What is the script for members only access?