PDA

View Full Version : Resolved Login script won't log me in.



VectorWolf
03-10-2009, 06:32 AM
I have a login script set up. Every time I try to login, it says my username and/or password is incorrect for some reason. I have tried with and without hashing the password with no luck.

Here is my code:

<?php
session_start();
include("includes/functions.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Challenge System Control Panel - Login</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<style media="all" type="text/css">@import "css/all.css";</style>
</head>
<body>
<div id="main">
<div id="header">
<a href="index.php" class="logo"><img src="" width="101" height="29" alt="" /></a>
<ul id="top-navigation">
<li class="active"><span><span>Login</span></span></li>
</ul>
</div>
<div id="middle">
<div id="left-column">
</div>
<div id="center-column">
<div class="top-bar">
<h1>Control Panel Login</h1>
<div class="breadcrumbs"></div>
</div><br />
<div class="select-bar">
</div>
<div class="table">
<img src="img/bg-th-left.gif" width="8" height="7" alt="" class="left" />
<img src="img/bg-th-right.gif" width="7" height="7" alt="" class="right" />
<table class="listing form" cellpadding="0" cellspacing="0">
<tr>
<th class="full" colspan="1">Login</th>
</tr>
<!--<tr>-->
<?php
$message = "";
if ($_GET["do"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
$message = "You need to provide a username and password.";
}
$myusername = $_POST['username'];
$mypassword = md5($_POST['password']);
// Create query
$q = "SELECT * FROM `users` WHERE `username`='".$myusername."' AND `password='".$mypassword."'";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: index.php");
}
else
{
// Login not successful
$message = "Sorry, could not log you in. Wrong login information.";
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<tr><td class=\"first\"><center><form action=\"?do=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"></td></tr>";
echo "<tr class=\"bg\"><td>Password: <input type=\"password\" name=\"password\" size=\"15\"></td></tr>";
echo "<tr><td><input type=\"submit\" value=\"Login\"></center></td></tr>";
echo "</form>";
}
?>
</table>
<p>&nbsp;</p>
</div>
<center><font color="red"><?php echo $message; ?></font></center>
</div>
<div id="right-column">
<strong class="h">INFO</strong>
<div class="box">Detect and eliminate viruses and Trojan horses, even new and unknown ones. Detect and eliminate viruses and Trojan horses, even new and </div>
</div>
</div>
<div id="footer"></div>
</div>


</body>
</html>


Any help is greatly appreciated.

Thanks in advance,
Sean

VectorWolf
03-10-2009, 10:18 PM
Anyone?

ninnypants
03-10-2009, 10:40 PM
Try this instead


if (mysql_num_rows($r) == 1 )
{
$obj = @mysql_fetch_object($r)
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: index.php");
}

CFMaBiSmAd
03-10-2009, 11:00 PM
Your query is failing and returning a FALSE value in $r instead of a result resource and because you have an @ in front of mysql_fetch_object() to suppress errors, you probably already know this from the error message it was outputting before you put the @ in.

To debug why your query is failing change this -


$r = mysql_query($q);

to this -


$r = mysql_query($q) or die('Query failed: ' . mysql_error());

barkermn01
03-10-2009, 11:10 PM
(!$_POST["username"] || !$_POST["password"])

Meens if post username not equal to true or post password not equal to true fail


$q = "SELECT * FROM `users` WHERE `username`='".$myusername."' AND `password='".$mypassword."'";
// Run query
$r = @mysql_query($q);

if ( $obj = @mysql_fetch_array($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj['id'];
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: index.php");
}
else
{
// Login not successful
$message = "Sorry, could not log you in. Wrong login information.";
}


All you need to do check if there in DB don't need to check if there's no data sent just run it and output same error it not much load