View Full Version : PHP Login

Jon W
01-23-2008, 06:12 PM
I can't seem to get this PHP Login Script to work right. Its not doing what its suppose to be doing. When I type in a Username that is in the Database, it comes up and says: 'Invalid Username or Password'. I can't make sense of it and I don't have enough knowledge yet to know what I'm doing wrong. If someone could help me out that would be great. Thanks guys!

Jon W


if(isset($_POST['login'])) {

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));


$query = mysql_query("SELECT user_id, username, password, active FROM users WHERE username = '$username' AND password = '$password'") or die('Database Error: ' . mysql_error());

$row = mysql_fetch_assoc($query);
$check = mysql_num_rows($query);

if($check == 1) {

if($row['active'] == 1) {


header("Location: http://example.com/index.php?user_id=" . $row['user_id'] . "");
} else {

$error = "Please Activate your account before logging in.";

} } else {

$error = "Invalid Username or Password";

} }


01-23-2008, 06:18 PM
The username and password isn't in your users table. This script runs the password through md5(), which is officially cracked so therefore pretty useless.

How did you enter your username/password in your table? Is the password just plain text? If so, that's your problem.

Jon W
01-23-2008, 06:19 PM
Nope, the password is md5 in the database.

01-23-2008, 06:21 PM
md5 or not still should work.. you 100&#37; sure its right why not try makin anouther udrname and password seeing if the works

Jon W
01-23-2008, 06:23 PM
Alright, well I'll try that and I'll let you guys know if that works or not.

Jon W
01-23-2008, 06:26 PM
Yeah, its still doing the same thing as it was with the other Username. So its not making sense to me.

01-23-2008, 06:49 PM
Try running the query outside the PHP environment, for example using phpMyAdmin and see what you get. When I say run that query, I mean exactly the same query, which means you'll need to assign the query value to a variable, echo it, then copy/paste it and run it in phpMyAdmin. In other words, don't assume anything about the query.

01-23-2008, 07:10 PM
where didi you get your code from?