...

View Full Version : Resolved Login script won't log me in.



VectorWolf
03-10-2009, 05:32 AM
I have a login script set up. Every time I try to login, it says my username and/or password is incorrect for some reason. I have tried with and without hashing the password with no luck.

Here is my code:

<?php
session_start();
include("includes/functions.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Challenge System Control Panel - Login</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<style media="all" type="text/css">@import "css/all.css";</style>
</head>
<body>
<div id="main">
<div id="header">
<a href="index.php" class="logo"><img src="" width="101" height="29" alt="" /></a>
<ul id="top-navigation">
<li class="active"><span><span>Login</span></span></li>
</ul>
</div>
<div id="middle">
<div id="left-column">
</div>
<div id="center-column">
<div class="top-bar">
<h1>Control Panel Login</h1>
<div class="breadcrumbs"></div>
</div><br />
<div class="select-bar">
</div>
<div class="table">
<img src="img/bg-th-left.gif" width="8" height="7" alt="" class="left" />
<img src="img/bg-th-right.gif" width="7" height="7" alt="" class="right" />
<table class="listing form" cellpadding="0" cellspacing="0">
<tr>
<th class="full" colspan="1">Login</th>
</tr>
<!--<tr>-->
<?php
$message = "";
if ($_GET["do"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
$message = "You need to provide a username and password.";
}
$myusername = $_POST['username'];
$mypassword = md5($_POST['password']);
// Create query
$q = "SELECT * FROM `users` WHERE `username`='".$myusername."' AND `password='".$mypassword."'";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: index.php");
}
else
{
// Login not successful
$message = "Sorry, could not log you in. Wrong login information.";
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<tr><td class=\"first\"><center><form action=\"?do=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"></td></tr>";
echo "<tr class=\"bg\"><td>Password: <input type=\"password\" name=\"password\" size=\"15\"></td></tr>";
echo "<tr><td><input type=\"submit\" value=\"Login\"></center></td></tr>";
echo "</form>";
}
?>
</table>
<p>&nbsp;</p>
</div>
<center><font color="red"><?php echo $message; ?></font></center>
</div>
<div id="right-column">
<strong class="h">INFO</strong>
<div class="box">Detect and eliminate viruses and Trojan horses, even new and unknown ones. Detect and eliminate viruses and Trojan horses, even new and </div>
</div>
</div>
<div id="footer"></div>
</div>


</body>
</html>


Any help is greatly appreciated.

Thanks in advance,
Sean

VectorWolf
03-10-2009, 09:18 PM
Anyone?

ninnypants
03-10-2009, 09:40 PM
Try this instead


if (mysql_num_rows($r) == 1 )
{
$obj = @mysql_fetch_object($r)
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: index.php");
}

CFMaBiSmAd
03-10-2009, 10:00 PM
Your query is failing and returning a FALSE value in $r instead of a result resource and because you have an @ in front of mysql_fetch_object() to suppress errors, you probably already know this from the error message it was outputting before you put the @ in.

To debug why your query is failing change this -


$r = mysql_query($q);

to this -


$r = mysql_query($q) or die('Query failed: ' . mysql_error());

barkermn01
03-10-2009, 10:10 PM
(!$_POST["username"] || !$_POST["password"])

Meens if post username not equal to true or post password not equal to true fail


$q = "SELECT * FROM `users` WHERE `username`='".$myusername."' AND `password='".$mypassword."'";
// Run query
$r = @mysql_query($q);

if ( $obj = @mysql_fetch_array($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj['id'];
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: index.php");
}
else
{
// Login not successful
$message = "Sorry, could not log you in. Wrong login information.";
}


All you need to do check if there in DB don't need to check if there's no data sent just run it and output same error it not much load



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum