www.webdeveloper.com
+ Reply to Thread
Results 1 to 9 of 9
  1. 03-26-2008 05:22 PM #1
    monarch_684
    monarch_684 is offline Registered User
    Join Date
    Jun 2007
    Posts
    191

    Login not working

    Can anyone tell me why this might not be working. It stops if the uname is not valid, doesn't stop if the pwd and uname do not match. It just reads the uname and logs in without the pwd.

    PHP Code:
            $uname $_POST['uname'];
            $pwd $_POST['pwd'];
            $epwd md5('$pwd');
        
            printConnect();
        
            $query "SELECT * FROM login";
            $result mysql_query($query)
            or die (    "Couldn't query data" mysql_error());
            
            $row mysql_fetch_assoc($result);
        
        if(    $uname != $row['username']) {
                $_SESSION['error'] = 'Username does not exist!!';
                header('Location: index.php');
        }
        else {        
                $query "SELECT * FROM login WHERE username = '$uname'";
                $result mysql_query($query)
                or die (    "Couldn't query data" mysql_error());
            
                $row mysql_fetch_assoc($result);
            
                $pwdc $row['password'];
            
            if(    $epwd != $pwdc) {
                    $_SESSION['error'] = 'Username does not exist!!';
                    header('Location: index.php');
            }
            else {
                    $_SESSION['loggedIn'] = TRUE;
                    $_SESSION['uname'] = $uname;    
            }
                header('Location: index.php');
        } 
    Reply With Quote Reply With Quote
  2. 03-27-2008 08:42 AM #2
    MrCoder
    MrCoder is offline Registered User
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    PHP Code:
    $query "SELECT * FROM login"
    Shouldn't that look for the user name?

    PHP Code:
    $result mysql_query("SELECT * FROM login WHERE username = '".mysql_real_escape_string($uname)."' LIMIT 1");

    if(    mysql_num_rows($query) == 1)
    {
            // Username found
            $row  mysql_fetch_assoc($result);
            $pwdc $row['password'];
        
        if(    $epwd == $pwdc)
        {
                // Password matches
            } else {
                // Password mismatch
            }
    } else {
            // Username not found
    Last edited by MrCoder; 03-27-2008 at 08:48 AM.
    Quote Originally Posted by temp.user123
    You know... You're not so smart. Do you need me to educate you?
    If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.
    Reply With Quote Reply With Quote
  3. 03-27-2008 08:46 AM #3
    bokeh's Avatar
    bokeh
    bokeh is offline Keep it simple, stupid!
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,722
    Quote Originally Posted by monarch_684
    PHP Code:
    $query "SELECT * FROM login"
    What sort of a query is that? Why don't you select what you are looking for.
    Email me | CAPTCHA verification script | DNS speed test | Email address tester | Regex checker | PHP scripts | Do it yourself avatars
    Cruft free domain names | English Spanish Translation | Watermarking images | Freelance | Texas Holdem Poker Probability Calculator
    Reply With Quote Reply With Quote
  4. 03-27-2008 12:18 PM #4
    monarch_684
    monarch_684 is offline Registered User
    Join Date
    Jun 2007
    Posts
    191
    The username part works fine. It is the password part I need help with.
    Reply With Quote Reply With Quote
  5. 03-27-2008 02:09 PM #5
    bokeh's Avatar
    bokeh
    bokeh is offline Keep it simple, stupid!
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,722
    It only works because you have just one entry in the table. Run a proper query that checks the user and password in one hit.
    Email me | CAPTCHA verification script | DNS speed test | Email address tester | Regex checker | PHP scripts | Do it yourself avatars
    Cruft free domain names | English Spanish Translation | Watermarking images | Freelance | Texas Holdem Poker Probability Calculator
    Reply With Quote Reply With Quote
  6. 03-27-2008 10:48 PM #6
    monarch_684
    monarch_684 is offline Registered User
    Join Date
    Jun 2007
    Posts
    191
    This is what I changed it to. It still don't work.

    PHP Code:
    $query "SELECT * FROM login WHERE username= '$uname'";
            $result mysql_query($query)
            or die (    "Couldn't query data" mysql_error());
            
            $row mysql_fetch_assoc($result);
        
        if(    $uname != $row['username']) {
                $_SESSION['error'] = 'Username does not exist!!';
                header('Location: index.php');
        }
        else {
            if(    $epwd != $row['password']) {
                    $_SESSION['error'] = 'Username and password do not match!!';
                    header('Location: index.php');
            }
            else {
                    $_SESSION['loggedIn'] = TRUE;
                    $_SESSION['uname'] = $uname;    
            }
                header('Location: index.php');
        } 
    Reply With Quote Reply With Quote
  7. 03-28-2008 04:07 AM #7
    MrCoder
    MrCoder is offline Registered User
    Join Date
    Jun 2006
    Location
    Down at the bottom of the garden
    Posts
    1,239
    Did you try the code I posted?
    Quote Originally Posted by temp.user123
    You know... You're not so smart. Do you need me to educate you?
    If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.
    Reply With Quote Reply With Quote
  8. 03-28-2008 10:51 AM #8
    monarch_684
    monarch_684 is offline Registered User
    Join Date
    Jun 2007
    Posts
    191
    Yeah, it don't work at all. It says username doesn't exist when I submit.
    Reply With Quote Reply With Quote
  9. 03-28-2008 11:04 AM #9
    monarch_684
    monarch_684 is offline Registered User
    Join Date
    Jun 2007
    Posts
    191
    Just on a whim I tried something, uploaded the script to the production server. Go figure, it works now with the exception of I have to log in twice for some reason and header() is not working.

    PHP Code:
    $query "SELECT * FROM login WHERE username= '$uname'";
                $result mysql_query($query)
                or die (    "Couldn't query data" mysql_error());
            
            $row mysql_fetch_assoc($result);
        
        if(    $uname != $row['username']) {
                $_SESSION['error'] = 'Username does not exist!!';
                header('Location: index.php');
        }
        else {
            if(    $epwd != $row['password']) {
                    $_SESSION['error'] = 'Username and password do not match!!';
                    header('Location: index.php');
            }
            else {
                    $_SESSION['loggedIn'] = TRUE;
                    $_SESSION['uname'] = $uname;    
            }
                header('Location: index.php');
        } 
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 HTML5 Development Center



Recent Articles