...

View Full Version : Help PHP login form



westes
08-15-2008, 02:52 AM
This login script is pretty good but every time i log in correctly it says "invalid username and/or password" instead of "You have successfully logged in as $user!"
here is the code


<?php
session_start();
include "./global.php";

echo "<title>Login</title>";
if($_SESSION['uid']) {
echo "You are already logged in if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if(!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding\=\"3\">\n";
echo "<form method=\"post\" action=\"./login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\"<input type=\"submit\" name=\"submit\" value =\"Login\"></td></tr>\n";
echo "</form></table>\n";
} else {
$user = mss($_POST['username']);
$pass = $_POST['password'];

if($user && pass) {
$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0) {
$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die(mysql_error());
if(mysql_num_rows($res2) > 0) {
$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];

echo "You have succsessfully logged in as " . $user;

} else {
echo "Username and/or password are not valid!";
}
} else {
echo "The username you supplied does not exist!";
}
} else {
echo "Complete the form!";
}
}

}

?>

shyam
08-15-2008, 07:27 AM
<?php
...
if($user && pass) {
...

?>

everything looks ok except perhaps the missing $ in front of pass

westes
08-15-2008, 01:41 PM
Thats a mistake but that does not help
There has to be another mistake. look at the commets

<?php
session_start();
include "./global.php";

echo "<title>Login</title>";
if($_SESSION['uid']) {
echo "You are already logged in if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if(!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding\=\"3\">\n";
echo "<form method=\"post\" action=\"./login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\"<input type=\"submit\" name=\"submit\" value =\"Login\"></td></tr>\n";
echo "</form></table>\n";
} else {
$user = mss($_POST['username']);
$pass = $_POST['password']; //mss is function from global.php which is included in the script

if($user && $pass) {
$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0) {
$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die(mysql_error());
if(mysql_num_rows($res2) > 0) {
$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];

echo "You have succsessfully logged in as " . $user;

} else {
echo "Username and/or password are not valid!"; //Im getting this instead of the echo above!
}
} else {
echo "The username you supplied does not exist!";
}
} else {
echo "Complete the form!";
}
}

}

?>

tomharto
07-13-2011, 11:13 AM
Should the function 'mss' not be on the password variable not the username?

bullant
07-13-2011, 11:18 AM
This login script is pretty good.....

If it's pretty good then how come it's not working?

Some Basic Debugging 101 (http://www.codingforums.com/showthread.php?p=1082858#post1082858) should help you find the problem pretty quickly.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum