...

View Full Version : Please help!!!!



westes
08-15-2008, 01:24 PM
I AM MAKING A LOGIN FORM AND WHEN I ENTER CORRECTLY IT DOES NOT LOG IN IT USERNAME AND/OR PASSWORD ARE INCORRECT
INSTEAD OF SAYING YOU HAVE SUCCESSFULLY LOGED IN AS $USER

HERE IS THE SCRIPT


<?php
session_start();
include "./global.php";

echo "<title>Login</title>\n";
if($_SESSION['uid']) {
echo "You are already logged in if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

if(!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding\=\"3\">\n";
echo "<form method=\"post\" action=\"./login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\"<input type=\"submit\" name=\"submit\" value =\"Login\"></td></tr>\n";
echo "</form></table>\n";
} else {
$user = mss($_POST['username']);
$pass = $_POST['password'];

if($user && $pass) {
$sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0) {
$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die("CAN NOT CONNECT");
if(mysql_num_rows($res2) > 0) {
$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];
echo "You have succsessfully logged in as " . $user;

} else {
echo "Username and/or password are not valid!\n";
}
} else {
echo "The username you supplied does not exist!\n";
}
} else {
echo "Complete the form!\n";
}
}

}

?>



HERES GLOBAL.PHP



<?php

$con = mysql_connect('localhost', 'root', 'root') or die (mysql_error());
$db = mysql_select_db("users", $con);


function mss($value) {
return mysql_real_escape_string(trim(strip_tags($value)));
}

?>

abduraooft
08-15-2008, 01:50 PM
if(mysql_num_rows($res) > 0) {
$sql2 = "SELECT id,username FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die("CAN NOT CONNECT");
if(mysql_num_rows($res2) > 0) {
$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];
$user=$row['username'];
echo "You have succsessfully logged in as " . $user;

}

westes
08-15-2008, 09:22 PM
This did not work

vbplusme
08-16-2008, 02:53 AM
I think this query might be the problem:

$sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";


Do you store passwords in md5 format?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum