Login Script Gone Wrong

stevenmw

02-25-2012, 02:33 AM

I was hoping someone could spot what I've done wrong?

<?php

ob_start();

session_start();

$error = 'could not connect to the database';
mysql_connect('----', '----', '----');
mysql_select_db('bb') or die($error);

require 'includes/functions.php';

if ($_POST['login']) {

$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));

if (!username || !password)
echo "please enter a username";

else {

$find = mysql_query("SELECT * FROM bb_users WHERE username_clean='$username'";

if (mysql_num_row($find)==0)
echo "username not found";
esle {
while ($find_row = mysql_fetch_assoc($find))
{
$password_hash = $find_row['user_password'];
}

$check = bb_check_hash($password, $password_hash);
if ($check==FALSE)
echo "incorrect password";
else if ($check==TRUE) {
$_SESSION['username']=$username;
header("Location: main.php");
exit();
}
}
}
?>
Thanks for any help!

snake111

02-25-2012, 03:23 AM

Found a few errors.

1. you mis-spelt ELSE
2. in the $find variable you forgot to close your parentheses
3. its "mysql_num_rows" not "mysql_num_row"

Correct these errors and then tell us what error message your get.

I was hoping someone could spot what I've done wrong?

<?php

ob_start();

session_start();

$error = 'could not connect to the database';
mysql_connect('----', '----', '----');
mysql_select_db('bb') or die($error);

require 'includes/functions.php';

if ($_POST['login']) {

$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));

if (!username || !password)
echo "please enter a username";

else {

$find = mysql_query("SELECT * FROM bb_users WHERE username_clean='$username'";

if (mysql_num_row($find)==0)
echo "username not found";
esle {
while ($find_row = mysql_fetch_assoc($find))
{
$password_hash = $find_row['user_password'];
}

$check = bb_check_hash($password, $password_hash);
if ($check==FALSE)
echo "incorrect password";
else if ($check==TRUE) {
$_SESSION['username']=$username;
header("Location: main.php");
exit();
}
}
}
?>
Thanks for any help!

stevenmw

02-25-2012, 04:13 AM

I made the changes suggested. Now the code looks like:

<?php

ob_start();

session_start();

$error = 'could not connect to the database';
mysql_connect('---', '---', '---');
mysql_select_db('bb') or die($error);

require 'includes/functions.php';

if ($_POST['login']) {

$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));

if (!$username || !$password)
echo "please enter a username";

else {

$find = mysql_query("SELECT * FROM bb_users WHERE username_clean='$username'");

if (mysql_num_rows($find)==0)
echo "username not found";
else {
while ($find_row = mysql_fetch_assoc($find))
{
$password_hash = $find_row['user_password'];
}

$check = bb_check_hash($password, $password_hash);
if ($check==FALSE)
echo "incorrect password";
else if ($check==TRUE) {
$_SESSION['username']=$username;
header("Location: main.php");
exit();
}
}
}
?>
I'm still getting an error. I know it is something simple. (and yes, it is connecting to the DB just fine)

stevenmw

02-25-2012, 08:29 AM

I got it semi-working. Now my header function isn't taking me to main.php when I submit the form. Any ideas?

<?php
//ob
ob_start();
//session
session_start();
//connect
$error = 'Could not connect to the database';
mysql_connect('---','---','---');
mysql_select_db('bb') or die($error);

require 'forums/includes/functions.php';
if ($_POST['login'])
{
//get from data
$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));
if ((!$username) || (!password))
echo "Please enter a username and password<p />";
else
{
//find username
$find = mysql_query("SELECT * FROM bb_users WHERE username_clean='$username'");
if (mysql_num_rows($find)==0)
echo "Username not found<p />";
else
{
while ($find_row = mysql_fetch_assoc($find))
{
//grab password hash for user
$password_hash = $find_row['user_password'];
}

$check = php_check_hash($password, $password_hash);
if ($check==FALSE)
echo "Incorrect password";
else if ($check==TRUE)
{
$_SESSION['username']=$username;
header("Location: main.php");
exit();
}

}
}
}
?>